CVE-2015-1839
published 2017-04-13CVE-2015-1839: modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
PriorityP421medium5.3CVSS 3.0
AVLACLPRLUINSUCLILAL
EPSS
0.43%
34.1th percentile
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| saltstack | salt | < 22d2f7a1ec93300c34e8c42d14ec39d51e610b5c | 22d2f7a1ec93300c34e8c42d14ec39d51e610b5c |
| saltstack | salt | <= 2014.7.3 | — |
| saltstack | salt | >= 0 < 2014.7.4 | 2014.7.4 |
| saltstack | salt | >= 0 < b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81 | b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81 |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
SaltStack has insecure /tmp file handling in salt/modules/chef.py
osv·2022-05-17
CVE-2015-1839 [MEDIUM] SaltStack has insecure /tmp file handling in salt/modules/chef.py
SaltStack has insecure /tmp file handling in salt/modules/chef.py
`modules/chef.py` in SaltStack before 2014.7.4 does not properly handle files in `/tmp`.
GHSA
SaltStack has insecure /tmp file handling in salt/modules/chef.py
ghsa·2022-05-17
CVE-2015-1839 [MEDIUM] SaltStack has insecure /tmp file handling in salt/modules/chef.py
SaltStack has insecure /tmp file handling in salt/modules/chef.py
`modules/chef.py` in SaltStack before 2014.7.4 does not properly handle files in `/tmp`.
OSV
CVE-2015-1839: modules/chef
osv·2017-04-13
CVE-2015-1839 CVE-2015-1839: modules/chef
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Red Hat
libxml2: heap-buffer overread in dict.c
vendor_redhat·2016-01-26·CVSS 7.5
CVE-2015-8806 [HIGH] CWE-122 libxml2: heap-buffer overread in dict.c
libxml2: heap-buffer overread in dict.c
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
Statement: This flaw was found to be a duplicate of CVE-2016-1839. Please see https://access.redhat.com/security/cve/CVE-2016-1839 for information about affected products and security errata.
Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 7) - Not affected
Red Hat
salt: insecure /tmp file handling in salt/modules/chef.py
vendor_redhat·2015-03-25·CVSS 5.3
CVE-2015-1839 [MEDIUM] CWE-377 salt: insecure /tmp file handling in salt/modules/chef.py
salt: insecure /tmp file handling in salt/modules/chef.py
modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
Statement: This issue did not affect versions of salt as shipped with Red Hat Red Hat Ceph Storage as they did not include the vulnerable module.
Package: salt (Red Hat Ceph Storage 1.2) - Not affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8806 libxml2: heap-buffer overread in dict.c
bugzilla·2016-02-04·CVSS 7.5
CVE-2015-8806 [HIGH] CVE-2015-8806 libxml2: heap-buffer overread in dict.c
CVE-2015-8806 libxml2: heap-buffer overread in dict.c
A heap-buffer overread vulnerability was found in libxml2. A specially crafted file can cause the application to crash.
External bugzilla report with reproducer:
https://bugzilla.gnome.org/show_bug.cgi?id=749115
CVE assignment:
http://seclists.org/oss-sec/2016/q1/277
Discussion:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1304638]
---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1304639]
Affects: epel-7 [bug 1304640]
---
I believe that this is actually a duplicate of CVE-2016-2073
---
Actually marking this duplicate of CVE-2016-1839, to follow upstream.
*** This bug has been marked as a duplicate of bug 1338703 ***
---
Statement:
This flaw was found to be a du
Bugzilla
CVE-2015-1839 CVE-2015-1838 salt: various flaws [epel-all]
bugzilla·2015-04-17·CVSS 5.3
CVE-2015-1839 [MEDIUM] CVE-2015-1839 CVE-2015-1838 salt: various flaws [epel-all]
CVE-2015-1839 CVE-2015-1838 salt: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. W
Bugzilla
CVE-2015-1839 salt: insecure /tmp file handling in salt/modules/chef.py
bugzilla·2015-04-17·CVSS 5.3
CVE-2015-1839 [MEDIUM] CVE-2015-1839 salt: insecure /tmp file handling in salt/modules/chef.py
CVE-2015-1839 salt: insecure /tmp file handling in salt/modules/chef.py
Michael Scherer of Red Hat reported an insecure /tmp file handling in salt/modules/chef.py in SaltStack.
This issue is fixed in SaltStack version 2014.7.4 with these commits:
https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
External References:
http://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html
Acknowledgements:
Red Hat would like to thank Michael Scherer of Red Hat for reporting this issue.
Statement:
This issue did not affect versions of salt as shipped with Red Hat Red Hat Ceph Storage as they did not include the vulnerable module.
Discussion:
Created salt tracking bugs for this
Bugzilla
CVE-2015-1839 CVE-2015-1838 salt: various flaws [fedora-all]
bugzilla·2015-04-17·CVSS 5.3
CVE-2015-1839 [MEDIUM] CVE-2015-1839 CVE-2015-1838 salt: various flaws [fedora-all]
CVE-2015-1839 CVE-2015-1838 salt: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While onl
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1212788https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.htmlhttps://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5chttps://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1212788https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.htmlhttps://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5chttps://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
2017-04-13
Published