CVE-2016-3176

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-3176
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3176.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-3176
Aliases
Downstream
Related
Published
2017-01-31T19:59:00.183Z
Modified
2026-04-11T16:23:00.698398Z
Severity
  • 5.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.

References

Affected packages

Git / github.com/saltstack/salt

Affected ranges

Type
GIT
Repo
https://github.com/saltstack/salt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
92889db638dc8f5079641dc86d85ce0cb2a7b984
Last affected
34324abe562f6326618e290611a1737714118749
Last affected
87d86e4b3eaad075876f516eb8bb693d9a88d1c9
Last affected
af297bb0aefcc4ffa5b085166835ca23d0b7c457
Last affected
345206b68e97465c18450227e21adb888dd87358
Last affected
1c6c394d0ed51db613938dbfa4db6002eeb87a87
Last affected
c7db4350d53d399349e740cd403f2fdd1fcf571f
Last affected
8d84c636cf241237ca5e033beea6e3179e4de7d5
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2015.5.9"
        },
        {
            "last_affected": "2015.8.0"
        },
        {
            "last_affected": "2015.8.1"
        },
        {
            "last_affected": "2015.8.2"
        },
        {
            "last_affected": "2015.8.3"
        },
        {
            "last_affected": "2015.8.4"
        },
        {
            "last_affected": "2015.8.5"
        },
        {
            "last_affected": "2015.8.7"
        }
    ],
    "cpe": [
        "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:saltstack:salt:2015.8.7:*:*:*:*:*:*:*"
    ]
}

Affected versions

v0.*
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16
v0.17
v0.6.0
v0.7.0
v0.8.0
v0.8.7
v0.8.9
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.9
v2014.*
v2014.1
v2014.7
v2015.*
v2015.2
v2015.2.0rc1
v2015.2.0rc2
v2015.5
v2015.5.0
v2015.5.1
v2015.5.2
v2015.5.3
v2015.5.4
v2015.5.5
v2015.5.6
v2015.5.7
v2015.5.8
v2015.5.9
v2015.8
v2015.8.0
v2015.8.0rc1
v2015.8.0rc2
v2015.8.0rc3
v2015.8.0rc4
v2015.8.0rc5
v2015.8.1
v2015.8.2
v2015.8.3
v2015.8.4
v2015.8.5
v2015.8.6
v2015.8.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-3176.json"