This repository has been archived by the owner on Sep 22, 2020. It is now read-only.

CI and check script issues #11

Open
rossengeorgiev opened this issue May 7, 2020 · 0 comments
Labels
bug Something isn't working


rossengeorgiev commented May 7, 2020

After setting up Travis, a number of issues surfaced.

  1. In the test phase, before applying the patch, we can see the write1 check reporting a NO result. That result is incorrect.

[+] Checking if vulnerable to CVE-2020-11652 (write1)... NO

We can see below that the salt-master is trying to create /tmp, which already exists, and throws. In the code, the previous line checks with os.path.isdir whether the path is a directory, which it is. That code path shouldn't have been executed.

https://travis-ci.org/github/rossengeorgiev/salt-security-backports/jobs/684437783#L403

The issue can be replicated in vbox. However, if you change directories, use ls or any other filesystem operation, it magically starts working.

$ vagrant up salt2018.3.5
$ vagrant ssh salt2018.3.5 -c 'sudo -i'
root@salt2018:~# cd /vagrant/
root@salt2018:/vagrant# python salt-cve-check.py
[+] Python version: 2.7.12
[+] Salt version: 2018.3.5
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... YES
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... YES
[+] Checking if vulnerable to CVE-2020-11652 (read)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write1)... NO
[+] Checking if vulnerable to CVE-2020-11652 (write2)... YES
[ ] All checks completed.
root@salt2018:/vagrant# cd /tmp; cd /vagrant
root@salt2018:/vagrant# python salt-cve-check.py
[+] Python version: 2.7.12
[+] Salt version: 2018.3.5
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... YES
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... YES
[+] Checking if vulnerable to CVE-2020-11652 (read)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write1)... YES
[+] Checking if vulnerable to CVE-2020-11652 (write2)... YES
[ ] All checks completed.
  2. On Salt 3000, get_token has the path traversal, but if the contents of the file are invalid, it will delete it and respond. The check result is then incorrect.

  3. Salt 30003000.1 on py3, zeromq crash. https://travis-ci.org/github/rossengeorgiev/salt-security-backports/jobs/684478056

@rossengeorgiev rossengeorgiev added the bug Something isn't working label May 7, 2020