rossengeorgiev / Salt Security Backports

Salt security backports for CVE-2020-11651 & CVE-2020-11652

Official patches for previous versions can be requested at: https://www.saltstack.com/lp/request-patch-april-2020/

⚠ Patches here are custom, and may differ from official ones ⚠

Backported security patches for unsupported salt versions

Patches in this repo address the following CVEs:

Additionally include the following bugfixes:

The above fixes are included in the latest releases of SaltStack, specifically v2019.2.5 and v3000.3.

Check if your salt-master is vulnerable

The check script needs to be run locally on your salt-master as root:

python salt-cve-check.py

Example output for Salt 2017.7.8:

[+] Salt version: 2017.7.8
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... YES
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... YES
[+] Checking if vulnerable to CVE-2020-11652 (read)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write1)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write2)... YES

Applying the patches

# locate the salt package directory (use python3 if necessary)

python -c "import imp; print(imp.find_module('salt')[1])"

# in my case: /usr/lib/python2.7/dist-packages/salt
# apply patches
# (adding the -b flag backs up each file before modification, at the same path with an .orig suffix)
# (a patch can be reversed by running the same command with the -R flag)

patch -p2 -d /usr/lib/python2.7/dist-packages/salt < 2017.7.8_CVE-2020-11651.patch
patch -p2 -d /usr/lib/python2.7/dist-packages/salt < 2017.7.8_CVE-2020-11652.patch

# restart salt-master

systemctl restart salt-master
# or
service salt-master restart

Rerun the check script:

# python salt-cve-check.py
[+] Salt version: 2017.7.8
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... NO
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... NO
[+] Checking if vulnerable to CVE-2020-11652 (read)... NO
[+] Checking if vulnerable to CVE-2020-11652 (write1)... NO
[+] Checking if vulnerable to CVE-2020-11652 (write2)... NO
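
An added example (not part of this repository): a small parser for the check script's output, useful when collecting results from several masters. It bases the verdict on the per-check YES/NO lines, because the version banner still reads "vulnerable" after patching, as the rerun above shows. The function names and the three verdict strings are assumptions of this example; the sample text is constructed from the outputs shown above.

```python
import re

# Constructed sample input: the two outputs shown on this page.
BEFORE = """\
[+] Salt version: 2017.7.8
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... YES
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... YES
[+] Checking if vulnerable to CVE-2020-11652 (read)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write1)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write2)... YES
"""
AFTER = BEFORE.replace("... YES", "... NO")  # banner line stays unchanged

STATUS_RE = re.compile(r"Checking salt-master \(([^)]+)\) status\.\.\. *(\S+)")
CHECK_RE = re.compile(
    r"Checking if vulnerable to (CVE-\d{4}-\d+)(?: \((\w+)\))?\.\.\. *(\S+)")

def parse_check_output(text):
    """Return (master_online, {check_name: result}) from the script output."""
    online, results = None, {}
    for line in text.splitlines():
        m = STATUS_RE.search(line)
        if m:
            online = (m.group(2) == "ONLINE")
            continue
        m = CHECK_RE.search(line)
        if m:
            cve, variant, result = m.groups()
            name = cve if variant is None else "%s/%s" % (cve, variant)
            results[name] = result
    return online, results

def verdict(text):
    """Hypothetical summary: 'vulnerable', 'patched' or 'inconclusive'."""
    online, results = parse_check_output(text)
    if any(r == "YES" for r in results.values()):
        return "vulnerable"
    if online and results and all(r == "NO" for r in results.values()):
        return "patched"
    return "inconclusive"  # master not reached, no checks ran, or unknown result

if __name__ == "__main__":
    for label, out in (("before", BEFORE), ("after", AFTER)):
        print(label, verdict(out), parse_check_output(out)[1])
```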