CVE-2015-1838
published 2017-04-13CVE-2015-1838: modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
PriorityP421medium5.3CVSS 3.0
AVLACLPRLUINSUCLILAL
EPSS
0.43%
34.3th percentile
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| saltstack | salt | <= 2014.7.3 | — |
| saltstack | salt | >= 0 < 2014.7.4 | 2014.7.4 |
| saltstack | salt | >= 0 < e11298d7155e9982749483ca5538e46090caef9c | e11298d7155e9982749483ca5538e46090caef9c |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Salt improper handling of tmp files
ghsa·2022-05-17
CVE-2015-1838 [MEDIUM] Salt improper handling of tmp files
Salt improper handling of tmp files
`modules/serverdensity_device.py` in SaltStack before 2014.7.4 does not properly handle files in `/tmp`.
OSV
Salt improper handling of tmp files
osv·2022-05-17
CVE-2015-1838 [MEDIUM] Salt improper handling of tmp files
Salt improper handling of tmp files
`modules/serverdensity_device.py` in SaltStack before 2014.7.4 does not properly handle files in `/tmp`.
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security·2018-08-23·CVSS 7.2
CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files
namei: allow restricted O_CREAT of FIFOs and regular files
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
OSV
CVE-2015-1838: modules/serverdensity_device
osv·2017-04-13
CVE-2015-1838 CVE-2015-1838: modules/serverdensity_device
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Red Hat
salt: insecure /tmp file handling in salt/modules/serverdensity_device.py
vendor_redhat·2015-03-25·CVSS 5.3
CVE-2015-1838 [MEDIUM] CWE-377 salt: insecure /tmp file handling in salt/modules/serverdensity_device.py
salt: insecure /tmp file handling in salt/modules/serverdensity_device.py
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Statement: This issue did not affect versions of salt as shipped with Red Hat Red Hat Ceph Storage as they did not include the vulnerable module.
Package: salt (Red Hat Ceph Storage 1.2) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-1839 CVE-2015-1838 salt: various flaws [epel-all]
bugzilla·2015-04-17·CVSS 5.3
CVE-2015-1839 [MEDIUM] CVE-2015-1839 CVE-2015-1838 salt: various flaws [epel-all]
CVE-2015-1839 CVE-2015-1838 salt: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. W
Bugzilla
CVE-2015-1838 salt: insecure /tmp file handling in salt/modules/serverdensity_device.py
bugzilla·2015-04-17·CVSS 5.3
CVE-2015-1838 [MEDIUM] CVE-2015-1838 salt: insecure /tmp file handling in salt/modules/serverdensity_device.py
CVE-2015-1838 salt: insecure /tmp file handling in salt/modules/serverdensity_device.py
Michael Scherer of Red Hat reported an insecure /tmp file handling in salt/modules/serverdensity_device.py in SaltStack.
This issue is fixed in SaltStack version 2014.7.4 with this commit:
https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
External References:
http://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
Acknowledgements:
Red Hat would like to thank Michael Scherer of Red Hat for reporting this issue.
Statement:
This issue did not affect versions of salt as shipped with Red Hat Red Hat Ceph Storage as they did not include the vulnerable module.
Discussion:
Created salt tracking bugs for this issue:
Affects: fedora-all [bug 1212789]
Affects:
Bugzilla
CVE-2015-1839 CVE-2015-1838 salt: various flaws [fedora-all]
bugzilla·2015-04-17·CVSS 5.3
CVE-2015-1839 [MEDIUM] CVE-2015-1839 CVE-2015-1838 salt: various flaws [fedora-all]
CVE-2015-1839 CVE-2015-1838 salt: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While onl
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1212784https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.htmlhttps://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9chttp://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1212784https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.htmlhttps://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
2017-04-13
Published