Test ID:	1.3.6.1.4.1.25623.1.1.12.2025.7181.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-7181-1)
Summary:	The remote host is missing an update for the 'salt' package(s) announced via the USN-7181-1 advisory.
Description:	Summary: The remote host is missing an update for the 'salt' package(s) announced via the USN-7181-1 advisory. Vulnerability Insight: It was discovered that Salt incorrectly handled web requests when the SSH client was enabled. An attacker could possibly use this issue to achieve remote code execution or obtain sensitive information. Affected Software/OS: 'salt' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-16846 Debian Security Information: DSA-4837 (Google Search) https://www.debian.org/security/2021/dsa-4837 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TPOGB2F6XUAIGFDTOCQDNB2VIXFXHWMA/ https://security.gentoo.org/glsa/202011-13 http://packetstormsecurity.com/files/160039/SaltStack-Salt-REST-API-Arbitrary-Command-Execution.html https://github.com/saltstack/salt/releases https://www.zerodayinitiative.com/advisories/ZDI-20-1379/ https://www.zerodayinitiative.com/advisories/ZDI-20-1380/ https://www.zerodayinitiative.com/advisories/ZDI-20-1381/ https://www.zerodayinitiative.com/advisories/ZDI-20-1382/ https://www.zerodayinitiative.com/advisories/ZDI-20-1383/ https://lists.debian.org/debian-lts-announce/2020/12/msg00007.html https://lists.debian.org/debian-lts-announce/2022/01/msg00000.html SuSE Security Announcement: openSUSE-SU-2020:1868 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.