Bugzilla – Bug 1185281
VUL-0: CVE-2021-31607: salt: Command injection in the snapper module
Last modified: 2023-03-01 10:18:23 UTC
rh#1953065 In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). References: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1953065 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31607 https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
This is now fixed by: https://github.com/openSUSE/salt/commit/299beb056a08ca6171dba56f4fc463a0186718f2 We backported the above fix to all affected Salt versions currently maintained: - Salt 2016.11.10 - Salt 3000 - Salt 3000.3 - Salt 3002.2 I think this now done on our side. Setting assignee back to Security.
SUSE-SU-2021:1693-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1185092,1185281 CVE References: CVE-2021-31607 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14733-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14734-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1688-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1173692,1185092,1185281 CVE References: CVE-2021-31607 JIRA References: Sources used: SUSE Manager Tools 12-BETA (src): salt-3000-49.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14732-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 1177884,1185178,1185281 CVE References: CVE-2021-31607 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (src): mgr-daemon-4.2.7-8.12.1, mgr-osad-4.2.5-8.15.1, salt-2016.11.10-46.18.1, spacecmd-4.2.8-21.24.1, spacewalk-client-tools-4.2.10-30.30.1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (src): mgr-daemon-4.2.7-8.12.1, mgr-osad-4.2.5-8.15.1, salt-2016.11.10-46.18.1, spacecmd-4.2.8-21.24.1, spacewalk-client-tools-4.2.10-30.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1690-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: SUSE Manager Tools 15-BETA (src): salt-3002.2-8.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1694-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available. Category: security (moderate) Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281 CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197 JIRA References: ECO-3212 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1951-1: An update that solves one vulnerability, contains three features and has one errata is now available. Category: security (important) Bug References: 1185281,1186674 CVE References: CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: SUSE Linux Enterprise Module for Transactional Server 15-SP3 (src): salt-3002.2-8.41.8.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): salt-3002.2-8.41.8.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): salt-3002.2-8.41.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2021:2099-1: An update that has 38 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1151558,1172711,1175216,1178767,1180673,1180994,1182744,1182954,1183573,1183649,1183845,1183864,1184005,1184286,1184311,1184332,1184351,1184361,1184471,1184475,1184561,1184617,1184849,1184892,1184929,1184940,1185042,1185097,1185281,1185506,1185568,1185965,1186025,1186124,1186346,1186508,1186765,1186858 CVE References: JIRA References: Sources used: SUSE Manager Server 4.1 (src): release-notes-susemanager-4.1.8.1-3.52.1 SUSE Manager Retail Branch Server 4.1 (src): release-notes-susemanager-proxy-4.1.8-3.35.1 SUSE Manager Proxy 4.1 (src): release-notes-susemanager-proxy-4.1.8-3.35.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2098-1: An update that solves two vulnerabilities and has 35 fixes is now available. Category: security (moderate) Bug References: 1151558,1172711,1175216,1178767,1180673,1182744,1183573,1183649,1183845,1183864,1184005,1184286,1184311,1184332,1184351,1184361,1184471,1184475,1184561,1184617,1184849,1184892,1184929,1184940,1185042,1185097,1185281,1185506,1185568,1185965,1186025,1186124,1186346,1186508,1186765,1186852,1186858 CVE References: CVE-2021-28657,CVE-2021-31607 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src): cobbler-3.0.0+git20190806.32c4bae0-5.11.1, golang-github-prometheus-node_exporter-1.1.2-3.6.5, grafana-formula-0.4.1-3.9.2, patterns-suse-manager-4.1-6.9.2, prometheus-exporters-formula-0.9.1-3.22.1, py26-compat-salt-2016.11.10-6.14.2, py27-compat-salt-3000.3-6.3.2, spacewalk-admin-4.1.9-3.12.2, spacewalk-backend-4.1.25-4.32.6, spacewalk-branding-4.1.12-3.12.2, spacewalk-certs-tools-4.1.17-3.17.2, spacewalk-java-4.1.36-3.44.1, spacewalk-utils-4.1.16-3.18.2, spacewalk-web-4.1.26-3.24.8, susemanager-4.1.26-3.25.1, susemanager-build-keys-15.2.4-3.17.1, susemanager-doc-indexes-4.1-11.34.8, susemanager-docs_en-4.1-11.34.2, susemanager-schema-4.1.21-3.30.6, susemanager-sls-4.1.28-3.42.1, susemanager-sync-data-4.1.14-3.23.2, tika-core-1.26-3.5.2, uyuni-common-libs-4.1.8-3.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2021:2115-1: An update that has 19 recommended fixes can now be installed. Category: recommended (important) Bug References: 1172711,1182817,1184005,1184283,1184311,1184332,1184361,1184471,1184475,1184561,1184617,1184861,1184892,1185097,1185281,1185506,1186124,1186346,1186508 CVE References: JIRA References: Sources used: SUSE Manager Server 4.0 (src): release-notes-susemanager-4.0.14-3.74.1 SUSE Manager Retail Branch Server 4.0 (src): release-notes-susemanager-proxy-4.0.14-0.16.58.1 SUSE Manager Proxy 4.0 (src): release-notes-susemanager-proxy-4.0.14-0.16.58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2104-1: An update that solves two vulnerabilities, contains three features and has 8 fixes is now available. Category: security (critical) Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: SUSE Linux Enterprise Server for SAP 15 (src): salt-3002.2-8.41.8.1 SUSE Linux Enterprise Server 15-LTSS (src): salt-3002.2-8.41.8.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): salt-3002.2-8.41.8.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): salt-3002.2-8.41.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2111-1: An update that solves two vulnerabilities, contains three features and has 12 fixes is now available. Category: security (moderate) Bug References: 1171257,1173557,1176293,1179831,1180583,1180584,1180585,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2105-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available. Category: security (critical) Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: SUSE Manager Server 4.0 (src): salt-3002.2-37.1 SUSE Manager Retail Branch Server 4.0 (src): salt-3002.2-37.1 SUSE Manager Proxy 4.0 (src): salt-3002.2-37.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): salt-3002.2-37.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): salt-3002.2-37.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): salt-3002.2-37.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): salt-3002.2-37.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): salt-3002.2-37.1 SUSE Enterprise Storage 6 (src): salt-3002.2-37.1 SUSE CaaS Platform 4.0 (src): salt-3002.2-37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2102-1: An update that solves one vulnerability and has 5 fixes is now available. Category: security (important) Bug References: 1173692,1179831,1181368,1182281,1185092,1185281 CVE References: CVE-2021-31607 JIRA References: Sources used: SUSE Manager Tools 12 (src): salt-3000-46.142.2 SUSE Linux Enterprise Module for Advanced Systems Management 12 (src): salt-3000-46.142.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2110-1: An update that solves one vulnerability and has 8 fixes is now available. Category: security (moderate) Bug References: 1173557,1179831,1180583,1180584,1180585,1181368,1182281,1185092,1185281 CVE References: CVE-2021-31607 JIRA References: Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14753-1: An update that solves one vulnerability and has 7 fixes is now available. Category: security (important) Bug References: 1173557,1177884,1177928,1180583,1180584,1180585,1185178,1185281 CVE References: CVE-2021-31607 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src): golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1, mgr-cfg-4.2.2-5.15.2, mgr-custom-info-4.2.1-5.9.2, mgr-daemon-4.2.7-5.26.1, mgr-osad-4.2.5-5.27.2, mgr-push-4.2.2-5.9.2, mgr-virtualization-4.2.1-5.17.3, rhnlib-4.2.3-12.31.1, salt-2016.11.10-43.75.1, spacecmd-4.2.8-18.84.1, spacewalk-client-tools-4.2.10-27.50.1, spacewalk-koan-4.2.3-9.21.1, spacewalk-oscap-4.2.1-6.15.3, spacewalk-remote-utils-4.2.1-6.18.2, supportutils-plugin-susemanager-client-4.2.2-9.21.1, suseRegisterInfo-4.2.3-6.15.1, uyuni-common-libs-4.2.3-5.12.1 SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src): golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1, mgr-cfg-4.2.2-5.15.2, mgr-custom-info-4.2.1-5.9.2, mgr-daemon-4.2.7-5.26.1, mgr-osad-4.2.5-5.27.2, mgr-push-4.2.2-5.9.2, mgr-virtualization-4.2.1-5.17.3, rhnlib-4.2.3-12.31.1, salt-2016.11.10-43.75.1, spacecmd-4.2.8-18.84.1, spacewalk-client-tools-4.2.10-27.50.1, spacewalk-koan-4.2.3-9.21.1, spacewalk-oscap-4.2.1-6.15.3, spacewalk-remote-utils-4.2.1-6.18.2, supportutils-plugin-susemanager-client-4.2.2-9.21.1, suseRegisterInfo-4.2.3-6.15.1, uyuni-common-libs-4.2.3-5.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14756-1: An update that solves two vulnerabilities, contains three features and has 12 fixes is now available. Category: security (moderate) Bug References: 1171257,1173557,1176293,1179831,1180583,1180584,1180585,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2114-1: An update that solves two vulnerabilities and has 17 fixes is now available. Category: security (moderate) Bug References: 1172711,1182817,1184005,1184283,1184311,1184332,1184361,1184471,1184475,1184561,1184617,1184861,1184892,1185097,1185281,1185506,1186124,1186346,1186508 CVE References: CVE-2021-28657,CVE-2021-31607 JIRA References: Sources used: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (src): cobbler-3.0.0+git20190806.32c4bae0-7.22.3, grafana-formula-0.2.3-4.16.3, patterns-suse-manager-4.0-9.19.3, prometheus-exporters-formula-0.7.6-3.19.3, pxe-default-image-sle15-4.0.1-20210621145802, py26-compat-salt-2016.11.10-10.28.3, py27-compat-salt-3000.3-4.3.3, spacewalk-backend-4.0.38-3.47.4, spacewalk-java-4.0.44-3.57.5, spacewalk-utils-4.0.21-3.30.3, spacewalk-web-4.0.28-3.45.1, susemanager-4.0.34-3.52.3, susemanager-doc-indexes-4.0-10.36.4, susemanager-docs_en-4.0-10.36.3, susemanager-sls-4.0.35-3.48.3, tika-core-1.26-3.6.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:2106-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available. Category: security (critical) Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: SUSE MicroOS 5.0 (src): python-distro-1.5.0-3.5.1, salt-3002.2-37.1 SUSE Linux Enterprise Module for Transactional Server 15-SP2 (src): salt-3002.2-37.1 SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): salt-3002.2-37.1 SUSE Linux Enterprise Module for Python2 15-SP3 (src): python-distro-1.5.0-3.5.1 SUSE Linux Enterprise Module for Python2 15-SP2 (src): python-distro-1.5.0-3.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): python-distro-1.5.0-3.5.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): python-distro-1.5.0-3.5.1, salt-3002.2-37.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:14755-1: An update that solves two vulnerabilities, contains three features and has 12 fixes is now available. Category: security (moderate) Bug References: 1171257,1173557,1176293,1179831,1180583,1180584,1180585,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0899-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available. Category: security (critical) Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: openSUSE Leap 15.2 (src): salt-3002.2-lp152.3.36.1
openSUSE-SU-2021:1951-1: An update that solves one vulnerability, contains three features and has one errata is now available. Category: security (important) Bug References: 1185281,1186674 CVE References: CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: openSUSE Leap 15.3 (src): salt-3002.2-8.41.8.1
openSUSE-SU-2021:2106-1: An update that solves 7 vulnerabilities, contains three features and has three fixes is now available. Category: security (critical) Bug References: 1171257,1176293,1179831,1181368,1182281,1182293,1182382,1185092,1185281,1186674 CVE References: CVE-2018-15750,CVE-2018-15751,CVE-2020-11651,CVE-2020-11652,CVE-2020-25592,CVE-2021-25315,CVE-2021-31607 JIRA References: ECO-3212,SLE-18028,SLE-18033 Sources used: openSUSE Leap 15.3 (src): python-distro-1.5.0-3.5.1
Done.