Detections
Analytics

FreeBSD : py-salt -- potential shell injection vulnerabilities (865863af-fb5e-11e4-8fda-002590263bf5)

high Nessus Plugin ID 83798

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Colton Myers reports :

In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to the various cmd module functions.
These functions now default to python_shell=False, which means that the commands will not be sent to an actual shell.

The largest side effect of this change is that 'shellisms', such as pipes, will not work by default. The modules shipped with salt have been audited to fix any issues that might have arisen from this change. Additionally, the cmd state module has been unaffected, and use of cmd.run in jinja is also unaffected. cmd.run calls on the CLI will also allow shellisms.

However, custom execution modules which use shellisms in cmd calls will break, unless you pass python_shell=True to these calls.

As a temporary workaround, you can set cmd_safe: False in your minion and master configs. This will revert the default, but is also less secure, as it will allow shell injection vulnerabilities to be written in custom code. We recommend you only set this setting for as long as it takes to resolve these issues in your custom code, then remove the override.

Solution

Update the affected package.

See Also

http://docs.saltstack.com/en/latest/topics/releases/2015.5.0.html

http://www.nessus.org/u?844f5dbb

Plugin Details

Severity: High

ID: 83798

File Name: freebsd_pkg_865863affb5e11e48fda002590263bf5.nasl

Version: 2.4

Type: local

Published: 5/26/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py27-salt, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/24/2015

Vulnerability Publication Date: 5/11/2015