1500742 – (CVE-2017-14696) CVE-2017-14696 salt: Remote DoS via crafted authentication request

Bug 1500742 (CVE-2017-14696) - CVE-2017-14696 salt: Remote DoS via crafted authentication request

Summary: CVE-2017-14696 salt: Remote DoS via crafted authentication request

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2017-14696
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1500750 1507416 1507418
Blocks:	1500752
TreeView+	depends on / blocked

Reported:	2017-10-11 12:04 UTC by Andrej Nemec
Modified:	2020-11-25 13:46 UTC (History)
CC List:	6 users (show)
Fixed In Version:	salt 2016.3.8, salt 2016.11.8, salt 2017.7.2
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 03:29:10 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2017-10-11 12:04:33 UTC

An input validation vulnerability with a specially crafted authentication request was discover in salt. A remote attacker can use this for a Denial of Service attack.

Comment 1 Andrej Nemec 2017-10-11 12:06:46 UTC

References:

https://docs.saltstack.com/en/latest/topics/releases/2017.7.2.html

Comment 2 Andrej Nemec 2017-10-11 12:07:25 UTC

Created salt tracking bugs for this issue:

Affects: epel-all [bug 1500750]

Comment 3 Siddharth Sharma 2017-10-12 10:25:51 UTC

upstream fix:

https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b

Note You need to log in before you can comment on or make changes to this bug.