Recent Salt Vulnerabilities Exploited to Hack LineageOS, Ghost, DigiCert Servers
martyb writes:
Over the past several days, hackers have exploited two recently disclosed Salt vulnerabilities to compromise the servers of LineageOS, Ghost and DigiCert.
Managed by SaltStack, Salt is an open-source configuration tool to monitor and update the state of servers in both datacenters and cloud environments. Called minions, agents installed on servers connect to a master to deliver state reports (to a "request server") and receive updates (from a "publish server").
Last week, F-Secure security researchers disclosed two vulnerabilities in Salt (CVE-2020-11651 and CVE-2020-11652) that could allow remote attackers to execute commands as root on "master" and connected minions. The most severe of the bugs has a CVSS score of 10.
The vulnerabilities could allow an attacker to bypass authentication and authorization controls, "and publish arbitrary control messages, read and write files anywhere on the 'master' server filesystem and steal the secret key used to authenticate to the master as root," F-Secure said last week.
The security firm warned that attackers would likely devise exploits for the vulnerabilities within 24 hours after the report became public: "Patch by Friday or compromised by Monday," F-Secure Principal Consultant Olle Segerdahl said on Thursday.
Over the weekend, attacks looking to exploit the two security flaws were observed, with LineageOS, Ghost, and DigiCert being among the first to fall victim.
[...] SaltStack released patches for the vulnerabilities last week, with Salt version 3000.2 addressing them. Salt version number 2019.2.4, which was released for the previous major version of the tool, also includes the patches.
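As an added illustration of the patch-status check implied by the version numbers above (this is not code from the linked article, SoylentNews or SaltStack), the following Python script takes a constructed host inventory of Salt version strings and reports which hosts are still below 3000.2 or 2019.2.4. It assumes the two fixed releases named in the post are the only ones that matter; any branch the post does not list is reported as "no-fix-listed" rather than treated as safe.

```python
"""Classify Salt version strings against the fixed releases named in the post.

Added example, not SaltStack's own tooling. Assumptions (from the post only):
  * the 3000.x branch is fixed in 3000.2
  * the 2019.2.x branch is fixed in 2019.2.4
Any other branch is reported as "no-fix-listed", because the post gives no
fixed version for it; that is a conservative choice made here, not a claim
about those releases.
"""
import re

# branch prefix -> first release on that branch that carries the fixes
FIXED_RELEASES = {
    (3000,): (3000, 2),
    (2019, 2): (2019, 2, 4),
}

# Accept "3000.2", "v3000.2", "2019.2.4+ds-1"; only the leading dotted numbers count.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple:
    """Turn '2019.2.3' into (2019, 2, 3) so tuples compare numerically."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Salt version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def branch_of(version: tuple) -> tuple:
    """Releases from 3000 onward use one leading number (3000.x);
    earlier releases use a year.minor prefix (2019.2.x)."""
    return version[:1] if version[0] >= 3000 else version[:2]


def assess(text: str) -> str:
    """Return 'patched', 'unpatched' or 'no-fix-listed' for one version string."""
    version = parse_version(text)
    fixed = FIXED_RELEASES.get(branch_of(version))
    if fixed is None:
        return "no-fix-listed"
    # Tuple comparison handles the short form: (3000,) < (3000, 2), so bare "3000" is unpatched.
    return "patched" if version >= fixed else "unpatched"


# Constructed inventory: "<host> <salt version>" per line, one host per line.
SAMPLE_INVENTORY = """\
# host       salt version reported by the master
master01     3000.1
master02     3000.2
legacy-ci    2019.2.3
backup-01    2019.2.4
old-dc       2018.3.5
"""


def find_unpatched(inventory: str) -> list:
    """Return (host, version, status) for every host that is not confirmed patched."""
    findings = []
    for line in inventory.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        host, version = stripped.split()
        status = assess(version)
        if status != "patched":
            findings.append((host, version, status))
    return findings


if __name__ == "__main__":
    for host, version, status in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host:<12} {version:<10} {status}")
```

Run against a real inventory, the output is the list of masters that still need the 3000.2 or 2019.2.4 update; anything marked "no-fix-listed" needs a manual look rather than being assumed safe.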
Related: Critical Vulnerability in Salt Requires Immediate Patching
See notices from LineageOS, Ghost, and DigiCert.
Also at: The Register.
Separately, RamNode, who hosts our backups server, sent an email reporting they also got hit:
Read more of this story at SoylentNews.