Tuesday, March 2, 2021

SUSE: CVE-2020-28243: SUSE Linux Security Advisory

Description
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
Solution(s)
  • suse-upgrade-python2-salt
  • suse-upgrade-python3-salt
  • suse-upgrade-salt
  • suse-upgrade-salt-api
  • suse-upgrade-salt-bash-completion
  • suse-upgrade-salt-cloud
  • suse-upgrade-salt-doc
  • suse-upgrade-salt-fish-completion
  • suse-upgrade-salt-master
  • suse-upgrade-salt-minion
  • suse-upgrade-salt-proxy
  • suse-upgrade-salt-ssh
  • suse-upgrade-salt-standalone-formulas-configuration
  • suse-upgrade-salt-syndic
  • suse-upgrade-salt-zsh-completion


  • References
     

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated