
Example Analysis of multiple serious vulnerability Notification in SaltStack

2025-01-18 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

Today Xiaobian brings you an example analysis of several serious vulnerability notices for SaltStack. The knowledge points introduced in this article are explained in detail, so friends who find it helpful can go through the content together with Xiaobian; the hope is to help more friends who want to solve this problem find their answer. Let's study "Example Analysis of Multiple Serious Vulnerability Notices in SaltStack" together with Xiaobian.

0x00 Vulnerability Background

On May 4, 2020, 360CERT's monitoring found that overseas security teams had issued risk notices for multiple vulnerabilities in SaltStack, tracked as CVE-2020-11651 and CVE-2020-11652, with a severity level of serious.

SaltStack is a Python-based server management platform that provides service configuration management, remote command execution, status monitoring and other functions. It is characterized by easy deployment, good scalability, easy management of tens of thousands of servers, high speed, and second-level communication between servers.

SaltStack has an authentication bypass vulnerability and a directory traversal vulnerability. By sending specially crafted requests, a remote attacker can take control of all servers managed by SaltStack and execute arbitrary commands on them.

At present, some groups have already used these vulnerabilities to intrude into enterprise internal servers.

In this regard, 360CERT recommends that users install the latest patches promptly and carry out asset self-inspection and prevention work so as to avoid hacker attacks.

0x01 Risk Level

360CERT rated the event as follows

Rating Method    Level
Threat Level     Critical
Impact Area      Average

0x02 Vulnerability Details

CVE-2020-11651 is an authentication bypass vulnerability: an attacker only needs to send a specially crafted request packet to bypass SaltStack's permission management and invoke SaltStack functions that issue commands, resulting in remote command execution.

CVE-2020-11652 is a directory traversal vulnerability: an attacker can construct malicious requests to read arbitrary files on the SaltStack server, leading to sensitive information leakage.

0x03 Impact Version

SaltStack < 2019.2.4

SaltStack < 3000.2
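As an added example (not from the original notice or from the SaltStack project), the following Python check classifies a reported Salt version against the two fixed releases listed above, which supports the asset self-inspection 360CERT recommends. Salt changed numbering schemes between the 2019.2 branch and the 3000 branch, so the two thresholds are kept separate rather than compared as one sequence; the `salt-master --version` query assumes the binary is on PATH.

```python
import re
import subprocess

# Fixed versions named in the notice. Salt moved from year-based numbers
# (2019.2.x) to a plain counter (3000.x), so each scheme has its own
# threshold and a 2019.2.x version must never be compared against 3000.2.
FIXED_LEGACY = (2019, 2, 4)   # fix for the year-based branch
FIXED_NEW = (3000, 2)         # fix for the 3000 branch
NEW_SCHEME_START = 3000

VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the numeric version tuple from output such as 'salt-master 2019.2.3'."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(text):
    """True when the reported version is below the fix for its numbering scheme."""
    version = parse_version(text)
    if version[0] >= NEW_SCHEME_START:
        return version < FIXED_NEW      # e.g. (3000,) and (3000, 1) are below (3000, 2)
    return version < FIXED_LEGACY       # e.g. (2019, 2, 3) is below (2019, 2, 4)


def installed_master_version():
    """Ask the local salt-master for its version string (assumes it is on PATH)."""
    result = subprocess.run(["salt-master", "--version"],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    try:
        reported = installed_master_version()
    except (OSError, subprocess.CalledProcessError) as exc:
        raise SystemExit(f"could not query salt-master: {exc}")
    state = "AFFECTED, upgrade to 2019.2.4 / 3000.2" if is_affected(reported) else "patched"
    print(f"{reported}: {state}")
```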

0x04 Repair Suggestions

General Repair Suggestions:

Upgrade to version 2019.2.4 or 3000.2, which can be downloaded from the SaltStack release page:

https://github.com/saltstack/salt/releases

Thank you for reading. The above is the entire content of "Example Analysis of Multiple Serious Vulnerability Notices in SaltStack"; friends who are learning should go and put it into practice. I believe Xiaobian will bring you even better articles. Thank you for your support of the website!
