CVE-2017-8109

NameCVE-2017-8109
DescriptionThe salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs861219

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
saltsourcejessie(not affected)
saltsourcestretch2016.11.2+ds-1+deb9u2
saltsource(unstable)2016.11.5+ds-1861219

Notes

[jessie] - salt <not-affected> (Vulnerable code not present)
https://github.com/saltstack/salt/issues/40075
https://github.com/saltstack/salt/pull/40609
https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151
Search for package or bug name: Reporting problems