Bugzilla – Bug 1035912
VUL-0: CVE-2017-8109: salt: salt-ssh temporary files - insecure permissions
Last modified: 2017-10-25 19:15:29 UTC
from https://docs.saltstack.com/en/latest/topics/releases/2016.11.4.html

ISSUE #40075: (afletch) salt-ssh temporary files - insecure permissions | refs: #40609
https://github.com/saltstack/salt/issues/40075

When salt-ssh sets up its temporary location (e.g. /var/tmp/.root_xxxx_salt), the files contained (e.g. /var/tmp/.root_xxxx_salt/running_data/var/cache/salt/minion/files) are 0644. Some of these files may well contain sensitive data such as private keys (which when installed will be set to 0600 by the state). The permissions may be inherited from the salt-master, but if these files come from a backend such as gitfs, they seem to have 0644 in the master gitfs cache (which in itself is a problem!)

From https://github.com/saltstack/salt/issues/40075

... changes the behavior of the fileserver which used to mirror permissions from the salt master to the minion cache when caching files. Before this change, the file permissions from the fileserver were mirrored to the minion file cache. Now the cache is set to 600, and we look up the file permissions at the time of placing the file down on the filesystem.

https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151
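The cache behaviour described in this report, as an added example that is not Salt's code and not part of the original bug: `cache_file` writes a cached copy as 0600 whatever mode the source has, and `find_exposed` audits a directory such as the salt-ssh temporary location for files readable by group or other. The function names, file names and the sample tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

CACHE_MODE = 0o600  # mode the fix described above gives cached files


def cache_file(src, dest):
    """Copy src to dest so dest is never readable by group or other."""
    # O_EXCL + explicit mode: the file is created already restricted, so
    # there is no window in which it exists as 0644.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, CACHE_MODE)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        os.fchmod(fd, CACHE_MODE)  # do not inherit the source file's mode
        shutil.copyfileobj(inp, out)


def find_exposed(root):
    """Return regular files under root that group or other can read."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_IRGRP | stat.S_IROTH):
                exposed.append(path)
    return sorted(exposed)


def demo():
    """Constructed tree: one file with a mirrored 0644 mode, one hardened."""
    root = tempfile.mkdtemp(prefix="demo_salt_")
    cache = os.path.join(root, "running_data/var/cache/salt/minion/files")
    os.makedirs(cache)
    src = os.path.join(root, "key.src")  # stands in for a fileserver file
    with open(src, "w") as fh:
        fh.write("constructed sample, not a real key\n")
    mirrored = os.path.join(cache, "mirrored_key")
    shutil.copyfile(src, mirrored)
    os.chmod(mirrored, 0o644)  # old behaviour: mode mirrored into the cache
    hardened = os.path.join(cache, "hardened_key")
    cache_file(src, hardened)
    return find_exposed(cache), stat.S_IMODE(os.stat(hardened).st_mode), mirrored


if __name__ == "__main__":
    exposed, mode, _ = demo()
    print("exposed:", exposed, "hardened mode:", oct(mode))
```

Pointing `find_exposed` at an existing salt-ssh temporary directory lists the cached files that still carry a mirrored, readable mode.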
I have requested a CVE from Mitre. This can be fixed in the 2016.11.4 feature update, but please reference this bug and the CVE there.
SUSE-SU-2017:1581-1: An update that solves two vulnerabilities and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1011800,1012999,1017078,1020831,1022562,1025896,1027240,1027722,1030009,1030073,1032931,1035912,1035914,1036125,1038855,1039370,1040584,1040886,1043111
CVE References: CVE-2017-5200,CVE-2017-8109
Sources used:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src): salt-2016.11.4-42.2
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src): salt-2016.11.4-42.2

SUSE-SU-2017:1582-1: An update that solves two vulnerabilities and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1011800,1012999,1017078,1020831,1022562,1025896,1027240,1027722,1030009,1030073,1032931,1035912,1035914,1036125,1038855,1039370,1040584,1040886,1043111
CVE References: CVE-2017-5200,CVE-2017-8109
Sources used:
SUSE Manager Tools 12 (src): salt-2016.11.4-45.2
SUSE Manager Server 3.0 (src): salt-2016.11.4-45.2
SUSE Manager Proxy 3.0 (src): salt-2016.11.4-45.2
SUSE Linux Enterprise Point of Sale 12-SP2 (src): salt-2016.11.4-45.2
SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): salt-2016.11.4-45.2
SUSE Enterprise Storage 4 (src): salt-2016.11.4-45.2
SUSE Enterprise Storage 3 (src): salt-2016.11.4-45.2
OpenStack Cloud Magnum Orchestration 7 (src): salt-2016.11.4-45.2
released