SaltStack Salt CVE-2014-3563 Multiple Insecure Temporary File Creation Vulnerabilities

Bugtraq ID:	69319
Class:	Design Error
CVE:	CVE-2014-3563
Remote:	No
Local:	Yes
Published:	Aug 21 2014 12:00AM
Updated:	Aug 21 2014 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:
Not Vulnerable:

SaltStack Salt CVE-2014-3563 Multiple Insecure Temporary File Creation Vulnerabilities

Salt is prone to multiple insecure temporary-file-creation vulnerabilities because it creates temporary files in an insecure manner

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files or gain access to sensitive information. Other attacks may also be possible.

SaltStack Salt CVE-2014-3563 Multiple Insecure Temporary File Creation Vulnerabilities

An attacker uses readily available commands to exploit this issue.

SaltStack Salt CVE-2014-3563 Multiple Insecure Temporary File Creation Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SaltStack Salt CVE-2014-3563 Multiple Insecure Temporary File Creation Vulnerabilities

References: