automatic module_metadata_base.json update

msjenkins-r7 · msjenkins-r7 · commit 6549c12473a5 · 2021-03-31T14:58:01.000-05:00
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -61028,6 +61028,68 @@
     },
     "needs_cleanup": null
   },
+  "exploit_linux/http/saltstack_salt_wheel_async_rce": {
+    "name": "SaltStack Salt API Unauthenticated RCE through wheel_async client",
+    "fullname": "exploit/linux/http/saltstack_salt_wheel_async_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2021-02-25",
+    "type": "exploit",
+    "author": [
+      "Alex Seymour",
+      "Christophe De La Fuente"
+    ],
+    "description": "This module leverages an authentication bypass and directory\n          traversal vulnerabilities in Saltstack Salt's REST API to execute\n          commands remotely on the `master` as the root user.\n\n          Every 60 seconds, `salt-master` service performs a maintenance\n          process check that reloads and executes all the `grains` on the\n          `master`, including custom grain modules in the Extension Module\n          directory. So, this module simply creates a Python script at this\n          location and waits for it to be executed. The time interval is set to\n          60 seconds by default but can be changed in the `master`\n          configuration file with the `loop_interval` option. Note that, if an\n          administrator executes commands locally on the `master`, the\n          maintenance process check will also be performed.\n\n          It has been fixed in the following installation packages: 3002.5,\n          3001.6 and 3000.8.\n\n          Also, a patch is available for the following versions: 3002.2,\n          3001.4, 3000.6, 2019.2.8, 2019.2.5, 2018.3.5, 2017.7.8, 2016.11.10,\n          2016.11.6, 2016.11.5, 2016.11.3, 2016.3.8, 2016.3.6, 2016.3.4,\n          2015.8.13 and 2015.8.10.\n\n          This module has been tested successfully against versions 3001.4,\n          3002 and 3002.2 on Ubuntu 18.04.",
+    "references": [
+      "CVE-2021-25281",
+      "CVE-2021-25282",
+      "URL-https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/",
+      "URL-https://github.com/Immersive-Labs-Sec/CVE-2021-25281/blob/main/cve-2021-25281.py"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, x86, x64",
+    "rport": 8000,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command",
+      "Linux Dropper"
+    ],
+    "mod_time": "2021-03-31 17:48:35 +0000",
+    "path": "/modules/exploits/linux/http/saltstack_salt_wheel_async_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/saltstack_salt_wheel_async_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "needs_cleanup": true
+  },
   "exploit_linux/http/samsung_srv_1670d_upload_exec": {
     "name": "Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload",
     "fullname": "exploit/linux/http/samsung_srv_1670d_upload_exec",
