965403 – (CVE-2016-1866) VUL-0: CVE-2016-1866: salt: Improper handling of clear messages on the minion remote code execution

Bug 965403 (CVE-2016-1866) - VUL-0: CVE-2016-1866: salt: Improper handling of clear messages on the minion remote code execution

Summary: VUL-0: CVE-2016-1866: salt: Improper handling of clear messages on the minion...

Status:	RESOLVED FIXED

Alias:	CVE-2016-1866

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other All

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/161600/
Whiteboard:	CVSSv3.1:SUSE:CVE-2016-1866:8.1:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-02-05 19:06 UTC by Andreas Stieger
Modified:	2022-09-21 08:24 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-02-05 19:06:17 UTC

https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html
https://docs.saltstack.com/en/latest/topics/releases/2015.8.4.html

Security Fix

CVE-2016-1866: Improper handling of clear messages on the minion, which could result in executing commands not sent by the master.

This issue affects only the 2015.8.x releases of Salt. In order for an attacker to use this attack vector, they would have to execute a successful attack on an existing TCP connection between minion and master on the pub port. It does not allow an external attacker to obtain the shared secret or decrypt any encrypted traffic between minion and master.

Fixed in 2015.8.4 (which has a regression fixed in 2015.8.5)


Affects openSUSE Leap 42.1 only (2015.8.3)
SLE based products not affected by version.

Comment 1 Niels Abspoel 2016-02-05 19:11:15 UTC

See: request:

https://build.opensuse.org/request/show/357976

Comment 4 Andreas Stieger 2016-02-28 18:30:09 UTC

Submission received for openSUSE Leap 42.1 maintenance, taking salt to 2015.8.7. Assigning back to security team.

Comment 6 Swamp Workflow Management 2016-03-08 16:16:27 UTC

openSUSE-SU-2016:0694-1: An update that solves one vulnerability and has three fixes is now available.

Category: security (moderate)
Bug References: 958350,959572,963322,965403
CVE References: CVE-2016-1866
Sources used:
openSUSE Leap 42.1 (src):    salt-2015.8.7-13.1

Comment 7 Marcus Meissner 2017-06-15 21:27:26 UTC

released, also sle12 has gotten newer salt.

Comment 9 Swamp Workflow Management 2018-10-05 13:31:46 UTC

SUSE-RU-2018:3021-1: An update that solves 5 vulnerabilities and has 125 fixes is now available.

Category: recommended (moderate)
Bug References: 1002529,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1017078,1019386,1020831,1022562,1022841,1023535,1025896,1027044,1027240,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1071322,1072599,1075950,1079048,1081592,1087055,1087278,1087581,1087891,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099945,1100142,1100225,1100697,1101812,1101880,1102013,1102218,1102265,1103530,1103699,1104154,1106164,1108969,849184,849204,849205,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696
Sources used:
SUSE CaaS Platform 3.0 (src):    salt-2018.3.0-2.3.2, sles12-salt-api-image-3.1.0-3.3.2, sles12-salt-master-image-3.1.0-4.3.2, sles12-salt-minion-image-3.1.0-3.3.2

Comment 11 Swamp Workflow Management 2019-02-27 17:26:36 UTC

SUSE-OU-2019:13965-1: An update that solves 7 vulnerabilities and has 144 fixes is now available.

Category: optional (low)
Bug References: 1002529,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1017078,1019386,1020831,1022562,1022841,1023535,1025896,1027044,1027240,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1071322,1072599,1075950,1079048,1081592,1087055,1087278,1087581,1087891,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099887,1099945,1100142,1100225,1100697,1101812,1101880,1102013,1102218,1102265,1103530,1104154,1104491,1106164,1107333,1108557,1108834,1108969,1108995,1109893,1110938,1112874,1113698,1113699,1113784,1114029,1114197,1114474,1114824,1116837,1117995,1121091,1123044,1123512,1123865,849184,849204,849205,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696,CVE-2018-15750,CVE-2018-15751
Sources used:

Comment 12 Swamp Workflow Management 2019-02-27 18:05:19 UTC

SUSE-OU-2019:13964-1: An update that solves 7 vulnerabilities and has 144 fixes is now available.

Category: optional (low)
Bug References: 1002529,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1017078,1019386,1020831,1022562,1022841,1023535,1025896,1027044,1027240,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1071322,1072599,1075950,1079048,1081592,1087055,1087278,1087581,1087891,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099887,1099945,1100142,1100225,1100697,1101812,1101880,1102013,1102218,1102265,1103530,1104154,1104491,1106164,1107333,1108557,1108834,1108969,1108995,1109893,1110938,1112874,1113698,1113699,1113784,1114029,1114197,1114474,1114824,1116837,1117995,1121091,1123044,1123512,1123865,849184,849204,849205,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696,CVE-2018-15750,CVE-2018-15751
Sources used:

Comment 15 Swamp Workflow Management 2020-06-23 16:43:49 UTC

SUSE-SU-2020:14402-1: An update that solves 11 vulnerabilities and has 245 fixes is now available.

Category: security (moderate)
Bug References: 1002529,1003449,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1013876,1013938,1015882,1017078,1019386,1020831,1022562,1022841,1023535,1024406,1025896,1027044,1027240,1027426,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1044719,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1070372,1071322,1072599,1075950,1076578,1079048,1080290,1081151,1081592,1083294,1085667,1087055,1087278,1087581,1087891,1088070,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1094190,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099887,1099945,1100142,1100225,1100697,1101780,1101812,1101880,1102013,1102218,1102265,1102819,1103090,1103530,1103696,1104034,1104154,1104491,1106164,1107333,1108557,1108834,1108969,1108995,1109023,1109893,1110938,1111542,1112874,1113698,1113699,1113784,1114029,1114197,1114474,1114824,1116343,1116837,1117995,1121091,1121439,1122663,1122680,1123044,1123512,1123865,1124277,1125015,1125610,1125744,1127389,1128061,1128554,1129079,1129243,1130077,1130588,1130784,1131114,1132076,1133523,1133647,1134860,1135360,1135507,1135567,1135732,1135881,1137642,1138454,1139761,1140193,1140912,1143301,1146192,1146382,1148311,1148714,1150447,1151650,1151947,1152366,1153090,1153277,1153611,1154620,1154940,1155372,1157465,1157479,1158441,1159284,1162327,1162504,1163871,1163981,1165425,1165572,1167437,1167556,1168340,1169604,1169800,1170104,1170288,1170595,1171687,1171906,1172075,1173072,769106,769108,776615,849184,849204,849205,879904,887879,889605,892707,902494,908849,926318,932288,945380,948245,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,977264,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,987798,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696,CVE-2018-15750,CVE-2018-15751,CVE-2019-17361,CVE-2019-18897,CVE-2020-11651,CVE-2020-11652
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Swamp Workflow Management 2020-07-21 04:42:49 UTC

SUSE-SU-2020:14431-1: An update that solves 11 vulnerabilities and has 251 fixes is now available.

Category: security (moderate)
Bug References: 1002529,1003449,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1013876,1013938,1015882,1017078,1019386,1020831,1022562,1022841,1023535,1024406,1025896,1027044,1027240,1027426,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1044719,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1070372,1071322,1072599,1075950,1076578,1079048,1080290,1081151,1081592,1083294,1085667,1087055,1087278,1087581,1087891,1088070,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1094190,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099887,1099945,1100142,1100225,1100697,1101780,1101812,1101880,1102013,1102218,1102265,1102819,1103090,1103530,1103696,1104034,1104154,1104491,1106164,1107333,1108557,1108834,1108969,1108995,1109023,1109893,1110938,1111542,1112874,1113698,1113699,1113784,1114029,1114197,1114474,1114824,1116343,1116837,1117995,1121091,1121439,1122663,1122680,1123044,1123512,1123865,1124277,1125015,1125610,1125744,1127389,1128061,1128554,1129079,1129243,1130077,1130588,1130784,1131114,1132076,1133523,1133647,1134860,1135360,1135507,1135567,1135656,1135732,1135881,1137642,1138454,1138952,1139761,1140193,1140912,1143301,1146192,1146382,1148311,1148714,1150447,1151650,1151947,1152366,1153090,1153277,1153611,1154620,1154940,1155372,1157465,1157479,1158441,1158940,1159118,1159284,1160931,1162327,1162504,1163871,1165425,1165572,1167437,1167556,1168340,1169604,1169800,1170042,1170104,1170288,1170595,1171687,1171906,1172075,1173072,1174165,769106,769108,776615,849184,849204,849205,879904,887879,889605,892707,902494,908849,926318,932288,945380,948245,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,977264,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,987798,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696,CVE-2018-15750,CVE-2018-15751,CVE-2019-17361,CVE-2019-18897,CVE-2020-11651,CVE-2020-11652
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2021-02-08 15:01:08 UTC

SUSE-SU-2021:0315-1: An update that solves 14 vulnerabilities and has 218 fixes is now available.

Category: security (moderate)
Bug References: 1002529,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1017078,1019386,1020831,1022562,1022841,1023535,1025896,1027044,1027240,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1071322,1072599,1075950,1079048,1081592,1083110,1087055,1087278,1087581,1087891,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099887,1099945,1100142,1100225,1100697,1101780,1101812,1101880,1102013,1102218,1102248,1102265,1102819,1103530,1104154,1104491,1106164,1107333,1108557,1108834,1108969,1108995,1109893,1110938,1112874,1113698,1113699,1113784,1114029,1114197,1114474,1114824,1116343,1116837,1117995,1121091,1121439,1122663,1122680,1123044,1123512,1123865,1124277,1125015,1128061,1128554,1129079,1130588,1130784,1131114,1132076,1133523,1133647,1134860,1135360,1135507,1135567,1135656,1135732,1137642,1138952,1139761,1140193,1140912,1143301,1146192,1146382,1148714,1150447,1151650,1151947,1152366,1153611,1154620,1157465,1157479,1158441,1158940,1159118,1159284,1159670,1160931,1162327,1162504,1165425,1165572,1167437,1167556,1168340,1169604,1169800,1170042,1170104,1170288,1170595,1171461,1171906,1172075,1172211,1173072,1173909,1173911,1173936,1174165,1175549,1175987,1176024,1176294,1176397,1176480,1177867,1178319,1178361,1178362,1178485,849184,849204,849205,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696,CVE-2018-15750,CVE-2018-15751,CVE-2019-17361,CVE-2019-18897,CVE-2020-11651,CVE-2020-11652,CVE-2020-16846,CVE-2020-17490,CVE-2020-25592
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 24 Swamp Workflow Management 2021-02-08 15:36:36 UTC

SUSE-SU-2021:0316-1: An update that solves 14 vulnerabilities and has 218 fixes is now available.

Category: security (moderate)
Bug References: 1002529,1004047,1004260,1004723,1008933,1011304,1011800,1012398,1012999,1017078,1019386,1020831,1022562,1022841,1023535,1025896,1027044,1027240,1027722,1030009,1030073,1032213,1032452,1032931,1035914,1036125,1038855,1039370,1040886,1041993,1042749,1043111,1050003,1051948,1052264,1053376,1053955,1057635,1059291,1059758,1060230,1061407,1062462,1062464,1063419,1064520,1065792,1068446,1068566,1071322,1072599,1075950,1079048,1081592,1083110,1087055,1087278,1087581,1087891,1088888,1089112,1089362,1089526,1091371,1092161,1092373,1094055,1095507,1095651,1095942,1096514,1097174,1097413,1098394,1099323,1099460,1099887,1099945,1100142,1100225,1100697,1101780,1101812,1101880,1102013,1102218,1102248,1102265,1102819,1103530,1104154,1104491,1106164,1107333,1108557,1108834,1108969,1108995,1109893,1110938,1112874,1113698,1113699,1113784,1114029,1114197,1114474,1114824,1116343,1116837,1117995,1121091,1121439,1122663,1122680,1123044,1123512,1123865,1124277,1125015,1128061,1128554,1129079,1130588,1130784,1131114,1132076,1133523,1133647,1134860,1135360,1135507,1135567,1135656,1135732,1137642,1138952,1139761,1140193,1140912,1143301,1146192,1146382,1148714,1150447,1151650,1151947,1152366,1153611,1154620,1157465,1157479,1158441,1158940,1159118,1159284,1159670,1160931,1162327,1162504,1165425,1165572,1167437,1167556,1168340,1169604,1169800,1170042,1170104,1170288,1170595,1171461,1171906,1172075,1172211,1173072,1173909,1173911,1173936,1174165,1175549,1175987,1176024,1176294,1176397,1176480,1177867,1178319,1178361,1178362,1178485,849184,849204,849205,955373,958350,959572,963322,965403,967803,969320,970669,971372,972311,972490,975093,975303,975306,975733,975757,976148,978150,978833,979448,979676,980313,983017,983512,985112,985661,986019,988506,989193,989798,990029,990439,990440,991048,993039,993549,996455,999852
CVE References: CVE-2016-1866,CVE-2016-9639,CVE-2017-12791,CVE-2017-14695,CVE-2017-14696,CVE-2018-15750,CVE-2018-15751,CVE-2019-17361,CVE-2019-18897,CVE-2020-11651,CVE-2020-11652,CVE-2020-16846,CVE-2020-17490,CVE-2020-25592
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.