Hackers hit remotely rootable SaltStack systems

By on
Hackers hit remotely rootable SaltStack systems

Patch, and do not expose Salt masters to the internet.

SaltStack digital infrastructure automation systems are presently under attack with two critical vulnerabilties that allow remote code execution with the root superuser privileges being exploited.

The flaws were found by Finnish security vendor F-Secure early last month, and affect the SaltStack Salt master which sends updates to Salt minions that control servers, often large amounts of them.

Remote attackers can exploit the CVE-2020-11651 flaw to get un-authenticated access to Salt masters with root-equivalent privileges, F-Secure said.

A directory traversal vulnerability (CVE-2020-11652) allows attackers to escape path restrictions and to read files outside the intended directory.

F-Secure said that the vulnerabilities that are rated as the highest 10.0 severity, and added that they are reliable and simple to exploit.

The Salt Open Core Team of developers have confirmed the vulnerability in Salt master version 3000.1 and earlier, and released the patched versions 3000.2 and 2019.2.4.

Although SaltStack warns users not to expose the Salt master to the internet, F-Secure researcher Olle Segerdahl found 6000 vulnerable systems openly accessible, which he said are very popular in clouds like Amazon Web Services and Google Compute Platform. 

Segerdahl warned customers last Friday to patch the Salt vulnerabilities or face being exploited.

Over the weekend, several organisations such as the LineageOS Android distribution, the Ghost blogging platform, and the DigiCert private key infrastructure management company were compromised using the Salt vulnerabilties.

Although the remote root access could be used to exfiltrate data such as digital keys stored by DigiCert and deploying ransomware, they appear to have so far only installed crypto currency mining software.

In the case of Ghost, the crypto miner overloaded the organisation's servers causing an outage.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
fsecuresaltstacksecurity

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
Telstra to open its 5G network to wholesale customers

Telstra to open its 5G network to wholesale customers
Active Directory defaults lead to no-fix PrivEsc vulnerability

Active Directory defaults lead to no-fix PrivEsc vulnerability
Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner

Log In

  |  Forgot your password?