CVE-2016-3176
Published: 2017-01-31
Priority: P4 · 31 · medium · 5.6 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.87% (54.3rd percentile)
Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.
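The sentence above says the caller, not the master configuration, chose which PAM service judged the submitted credentials. The following Python is an added illustration of that flaw class and of the fix, written for this page; it is not Salt's code. Real PAM is replaced by a constructed in-memory table of services, the `login`/`permissive` service names and the `alice` account are made up, the way eauth keyword arguments are modelled as travelling from a LocalClient command to the auth hook is a simplification, and the master option name `auth.pam.service` used in the hardened variant is an assumption taken from the fixed releases.

```python
"""Added illustration of CVE-2016-3176's flaw class (not Salt's own code).

A Salt master that enables PAM external auth hands the credential dict a
client sent along with its command to an auth hook. If that hook lets the
dict choose the PAM *service* (i.e. which /etc/pam.d/<service> policy is
applied), the client can name any service installed on the master, including
one far more permissive than the one the administrator configured.

Constructed stand-ins: PAM is a dict of service name -> check function,
the only account is 'alice', and the master options are a plain dict.
"""

# Constructed account database behind the simulated PAM stack.
_PASSWORDS = {"alice": "correct horse battery staple"}

# Constructed PAM "stack": service name -> callable(user, password) -> bool.
# 'login' is the strict policy the admin expects. 'permissive' stands in for
# any other service file on the master whose policy never checks the password
# (compare a stack built on pam_permit.so).
PAM_SERVICES = {
    "login": lambda user, pw: _PASSWORDS.get(user) == pw,
    "permissive": lambda user, pw: user in _PASSWORDS,
}

# Constructed master configuration. The option name 'auth.pam.service' is
# assumed from the fixed releases; adjust to whatever your master exposes.
MASTER_OPTS = {"auth.pam.service": "login"}


def pam_authenticate(service, username, password):
    """Stand-in for pam_start()/pam_authenticate() against <service>."""
    checker = PAM_SERVICES.get(service)
    if checker is None:
        return False  # unknown service: real PAM fails to open its policy
    return bool(checker(username, password))


def auth_vulnerable(username, password, **kwargs):
    """Pre-fix pattern: the PAM service is taken from the client-supplied
    eauth kwargs (defaulting to 'login'). The trust boundary is crossed here:
    the caller chooses which authentication policy judges its own credentials."""
    service = kwargs.get("service", "login")
    return pam_authenticate(service, username, password)


def make_hardened_auth(opts):
    """Fixed pattern: the service comes only from master configuration.
    Anything the client puts in its kwargs is ignored for policy selection."""
    def auth(username, password, **kwargs):  # kwargs accepted, never trusted
        service = opts.get("auth.pam.service", "login")
        return pam_authenticate(service, username, password)
    return auth


def local_client_request(auth_fn, username, password, extra_eauth=None):
    """Simplified model of a LocalClient command carrying eauth credentials:
    whatever the client adds next to username/password reaches the hook as
    keyword arguments."""
    eauth = {"username": username, "password": password}
    eauth.update(extra_eauth or {})
    return auth_fn(eauth.pop("username"), eauth.pop("password"), **eauth)


def demo():
    """Run the four cases that matter and return their outcomes by name."""
    wrong = "not alice's password"
    hardened = make_hardened_auth(MASTER_OPTS)
    return {
        # Wrong password against the intended service: denied either way.
        "vuln_default_service": local_client_request(auth_vulnerable, "alice", wrong),
        # Same wrong password, but the client names a lax service: accepted.
        "vuln_alternate_service": local_client_request(
            auth_vulnerable, "alice", wrong, {"service": "permissive"}),
        # Hardened hook ignores the client's choice: denied.
        "fixed_alternate_service": local_client_request(
            hardened, "alice", wrong, {"service": "permissive"}),
        # Hardened hook still accepts the real password: the fix breaks nothing.
        "fixed_correct_password": local_client_request(
            hardened, "alice", _PASSWORDS["alice"]),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:26s} {'AUTHENTICATED' if ok else 'denied'}")
```

What the bypass yields in practice depends on which other service files exist under /etc/pam.d on the master and how lax their policies are; the defect is that an unauthenticated client was selecting the policy at all, which is why the CVSS vector carries PR:N. Upgrading to 2015.5.10 or 2015.8.8 takes that choice away from the client.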
Affected
11 ranges listed; the 7 that carry no version or fix data are omitted below. The last range is an Ubuntu package version (ESM).
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| saltstack | salt | <= 2015.5.9 | — |
| saltstack | salt | >= 0 < 2015.5.10 | 2015.5.10 |
| saltstack | salt | >= 2015.8 < 2015.8.8 | 2015.8.8 |
| saltstack | salt | >= 0 < 0.17.5+ds-1ubuntu0.1~esm5 | 0.17.5+ds-1ubuntu0.1~esm5 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.6 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 3.3 | LOW | — |
| vendor_redhat | — | 5.6 | MEDIUM | — |
| vendor_ubuntu | — | 3.3 | LOW | — |
OSV
salt vulnerabilities
osv · 2026-04-07 · CVSS 3.3
CVE-2015-8034 [LOW]
Zach Malone discovered that Salt did not properly handle permissions to cache
data. A local attacker could possibly use this issue to obtain sensitive
information. (CVE-2015-8034)
Dylan Frese discovered that Salt incorrectly allowed users to specify PAM
service. An attacker could possibly use this issue to bypass authentication.
(CVE-2016-3176)
GHSA
Salt Insecure configuration of PAM external authentication service
ghsa · 2022-05-17
CVE-2016-3176 [MEDIUM] CWE-287
Description: identical to the summary above.
OSV
Salt Insecure configuration of PAM external authentication service
osv · 2022-05-17
CVE-2016-3176 [MEDIUM]
Description: identical to the summary above.
OSV
CVE-2016-3176: Salt before 2015
osv · 2017-01-31
CVE-2016-3176
Description: identical to the summary above.
Ubuntu
Salt vulnerabilities
vendor_ubuntu · 2026-04-07 · CVSS 3.3
CVE-2016-3176 [LOW]
Summary: Several security issues were fixed in Salt.
Zach Malone discovered that Salt did not properly handle permissions to cache
data. A local attacker could possibly use this issue to obtain sensitive
information. (CVE-2015-8034)
Dylan Frese discovered that Salt incorrectly allowed users to specify PAM
service. An attacker could possibly use this issue to bypass authentication.
(CVE-2016-3176)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
salt: insecure configuration of PAM external authentication service
vendor_redhat · 2016-03-23 · CVSS 5.6
CVE-2016-3176 [MEDIUM] CWE-287
Description: identical to the summary above.
Package: salt (Red Hat Ceph Storage 1.2) - Will not fix
Package: salt (Red Hat Ceph Storage 1.3) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3176 salt: insecure configuration of PAM external authentication service
bugzilla · 2016-03-24 · CVSS 5.6
CVE-2016-3176 [MEDIUM]
This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured authentication service.
External references:
https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
Discussion:
Created salt tracking bugs for this issue:
Affects: fedora-all [bug 1320867]
Affects: epel-6 [bug 1320868]
Affects: epel-7 [bug 1320869]
Bugzilla
CVE-2016-3176 salt: insecure configuration of PAM external authentication service [epel-7]
bugzilla · 2016-03-24 · CVSS 5.6
CVE-2016-3176 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tra
Bugzilla
CVE-2016-3176 salt: insecure configuration of PAM external authentication service [fedora-all]
bugzilla · 2016-03-24 · CVSS 5.6
CVE-2016-3176 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppo
Bugzilla
CVE-2016-3176 salt: insecure configuration of PAM external authentication service [epel-6]
bugzilla · 2016-03-24 · CVSS 5.6
CVE-2016-3176 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tra