PT-2017-13634 · Saltstack+3 · Saltstack Salt+3

Published

2017-04-07

·

Updated

2022-05-17

·

CVE-2017-14696

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions SaltStack Salt versions prior to 2017.7.2 SaltStack Salt versions 2016.11.x prior to 2016.11.8 SaltStack Salt versions 2016.3.x prior to 2016.3.8
Description The issue allows remote attackers to cause a denial of service via a crafted authentication request.
Recommendations For SaltStack Salt versions 2016.3.x prior to 2016.3.8, update to version 2016.3.8 or later. For SaltStack Salt versions 2016.11.x prior to 2016.11.8, update to version 2016.11.8 or later. For SaltStack Salt versions 2017.7.x prior to 2017.7.2, update to version 2017.7.2 or later.

Fix

DoS

Resource Exhaustion

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-20

Related Identifiers

ALT-PU-2017-1436
ALT-PU-2017-2801
CVE-2017-14696
GHSA-657P-CJ5R-MJRH
OPENSUSE-SU-2024:11364-1
PYSEC-2017-37
SUSE-SU-2017:3380-1
SUSE-SU-2017:3381-1
SUSE-SU-2018:1757-1
SUSE-SU-2018:3811-1
USN-4769-1

Affected Products

Alt Linux
Saltstack Salt
Suse
Ubuntu