SaltStack Vulnerabilities SecurityOnion version 2.3.270

[jgiuliano2024]

I just recently updated to version 2.3.270. This is what my Nessus scanner found. Does anyone have a fix?

SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
Description
According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities:

• After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted. (CVE-2023-20897)

• Git Providers can read from the wrong environment because they get the same cache directory base name.
  (CVE-2023-20898)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
Solution
Upgrade to SaltStack version referenced in the vendor security advisory.
See Also
http://www.nessus.org/u?fe2fc01d
Output

  Path              : Package - salt-master-3004.2-1.el7
  Installed version : 3004.2.1
  Fixed version     : 3005.2

[TOoSmOotH]

We don't use git and we lock the salt ports down to trusted minions. In order to do anything with 2023-20897 you would need to attack from a trusted minion. The worst case scenario there is not having to restart the master service but doing IR on the trusted minion that is launching said DOS attack.

Upgrading to 2.4 will get you the 3006 code.

[jgiuliano2024]

Thank You. I plane on upgrading when we build out our new network. Unless there is now an upgrade path from 2.3 to 2.4?

[TOoSmOotH]

yes, https://docs.securityonion.net/en/2.4/appendix.html