iTnews

Hackers hit remotely rootable SaltStack systems

By Juha Saarinen on May 4, 2020 1:52PM

Patch, and do not expose Salt masters to the internet.

SaltStack digital infrastructure automation systems are presently under attack, with two critical vulnerabilities that allow remote code execution with root superuser privileges being exploited.

The flaws were found by Finnish security vendor F-Secure early last month, and affect the SaltStack Salt master, which sends updates to the Salt minions that control servers, often large numbers of them.

Remote attackers can exploit the CVE-2020-11651 flaw to get unauthenticated access to Salt masters with root-equivalent privileges, F-Secure said.

A directory traversal vulnerability (CVE-2020-11652) allows attackers to escape path restrictions and to read files outside the intended directory.

F-Secure said that the vulnerabilities are rated at the highest severity, 10.0, and added that they are reliable and simple to exploit.

You are a SaltStack user and since a few hours all your minions' CPUs are stuck at 100%? You see processes like /var/tmp/salt-store and /tmp/salt-minions running?
Your Salt Master has been hacked and used for sending rogue commands to your minions. Upgrade your Salt version ASAP.

— Jonathan (@TehHarry) May 3, 2020

The Salt Open Core Team of developers have confirmed the vulnerability in Salt master version 3000.1 and earlier, and released the patched versions 3000.2 and 2019.2.4.
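A triage check built from the details above, as an added example that is not SaltStack's or F-Secure's code: it compares a reported Salt version against the fixed releases 3000.2 and 2019.2.4 and looks for the two paths named in the quoted tweet. Treating every branch other than 2019.2.x as unpatched below 3000.2 is an assumption drawn from the article's "3000.1 and earlier", and the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

# Values from the article: fixed releases, and the two paths named in the quoted tweet.
FIXED_3000 = (3000, 2)
FIXED_2019_2 = (2019, 2, 4)
MINER_PATHS = ("/var/tmp/salt-store", "/tmp/salt-minions")

def parse_version(text):
    """Pull the numeric version out of e.g. 'salt-master 3000.1'."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def is_patched(version):
    """2019.2.x needs >= 2019.2.4; everything else needs >= 3000.2 (assumption)."""
    if version[:2] == (2019, 2):
        return version >= FIXED_2019_2
    return version >= FIXED_3000

def running_cmdlines(proc_root="/proc"):
    """Command lines of running processes (Linux /proc layout)."""
    found = []
    for f in Path(proc_root).glob("[0-9]*/cmdline"):
        try:
            raw = f.read_bytes()
        except OSError:
            continue  # process exited or access denied
        if raw:
            found.append(raw.replace(b"\0", b" ").decode(errors="replace").strip())
    return found

def triage(version_text, cmdlines, exists=lambda p: Path(p).exists()):
    """Report patch status plus any process or file matching the tweet's paths."""
    version = parse_version(version_text)
    return {
        "version": ".".join(map(str, version)),
        "patched": is_patched(version),
        "processes": [c for c in cmdlines if c.split()[:1] and c.split()[0] in MINER_PATHS],
        "files": [p for p in MINER_PATHS if exists(p)],
    }

if __name__ == "__main__":
    # Usage: python3 salt_triage.py "$(salt-master --version)"
    print(triage(sys.argv[1], running_cmdlines()))
```

An empty result for processes and files only means these two reported paths were not seen; it does not show that a previously exposed master was left untouched.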

Although SaltStack warns users not to expose the Salt master to the internet, F-Secure researcher Olle Segerdahl found 6000 vulnerable systems openly accessible. He said such systems are very popular in clouds like Amazon Web Services and Google Compute Platform.

Segerdahl warned customers last Friday to patch the Salt vulnerabilities or face being exploited.

Over the weekend, several organisations such as the LineageOS Android distribution, the Ghost blogging platform, and the DigiCert private key infrastructure management company were compromised using the Salt vulnerabilities.

Although the remote root access could be used to exfiltrate data, such as digital keys stored by DigiCert, and to deploy ransomware, the attackers appear to have so far only installed cryptocurrency mining software.

In the case of Ghost, the crypto miner overloaded the organisation's servers causing an outage.
