Test ID:	1.3.6.1.4.1.25623.1.1.12.2021.4769.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4769-1)
Summary:	The remote host is missing an update for the 'salt' package(s) announced via the USN-4769-1 advisory.
Description:	Summary: The remote host is missing an update for the 'salt' package(s) announced via the USN-4769-1 advisory. Vulnerability Insight: It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3563) Andreas Stieger discovered that Salt exposed git usernames and passwords in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6918). It was discovered that Salt exposed password authentication credentials in log files. An attacker could use this issue to retrieve sensitive information. This issue only affected Ubuntu 14.04 ESM. (CVE-2015-6941) It was discovered that Salt allowed remote attackers to write to arbitrary files via a special crafted file. An attacker could use this issue to cause a DoS or possibly execute arbitrary code. (CVE-2017-12791, CVE-2017-14695, CVE-2017-14696) It was discovered that Salt allowed remote attackers to determine which files exist on the server. An attacker could use this issue to extract sensitive information. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15750) It was discovered that Salt allowed users to bypass authentication. An attacker could use this issue to extract sensitive information, execute arbitrary code or crash the server. This issue only affected Ubuntu 16.04 ESM. (CVE-2018-15751) Affected Software/OS: 'salt' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3563 69319 http://www.securityfocus.com/bid/69319 [oss-security] 20140821 Revised: Salt 2014.1.10 released http://seclists.org/oss-sec/2014/q3/428 http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html salt-cve20143563-symlink(95392) https://exchange.xforce.ibmcloud.com/vulnerabilities/95392 Common Vulnerability Exposure (CVE) ID: CVE-2015-6918 Common Vulnerability Exposure (CVE) ID: CVE-2015-6941 Common Vulnerability Exposure (CVE) ID: CVE-2017-12791 BugTraq ID: 100384 http://www.securityfocus.com/bid/100384 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872399 https://bugzilla.redhat.com/show_bug.cgi?id=1482006 Common Vulnerability Exposure (CVE) ID: CVE-2017-14695 SuSE Security Announcement: openSUSE-SU-2017:2822 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-10/msg00073.html SuSE Security Announcement: openSUSE-SU-2017:2824 (Google Search) http://lists.opensuse.org/opensuse-updates/2017-10/msg00075.html Common Vulnerability Exposure (CVE) ID: CVE-2017-14696 Common Vulnerability Exposure (CVE) ID: CVE-2018-15750 https://lists.debian.org/debian-lts-announce/2020/07/msg00024.html https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ SuSE Security Announcement: openSUSE-SU-2020:1074 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html https://usn.ubuntu.com/4459-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-15751
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.