FreeBSD : Salt -- multiple vulnerabilities (3934cc60-f0fa-4eca-be09-c8bd7ae42871)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Salt release notes :

CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log

Updated the Git state and execution modules to no longer display HTTPS
basic authentication credentials in loglevel debug output on the Salt
master. These credentials are now replaced with REDACTED in the debug
output. Thanks to Andreas Stieger for bringing this to our attention.

CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug log

Updated the win_useradd module return data to no longer include the
password of the newly created user. The password is now replaced with
the string XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no
longer display win_password and sudo_password authentication
credentials. Also updated the Linode driver to no longer display
authentication credentials in debug logs. These credentials are now
replaced with REDACTED in the debug output.

See also :

https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
http://www.nessus.org/u?5b2790ef

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86431

CVE ID: CVE-2015-6918, CVE-2015-6941
