This repository has been archived by the owner on Sep 22, 2020. It is now read-only.

Script is throwing error while running it on 2016.x.x and also on 2019.2.2 #16

Open
pavankumarshambhu opened this issue May 18, 2020 · 5 comments

@pavankumarshambhu

```
python salt-cve-check.py
[+] Python version: 2.6.6
[+] Salt version: 2016.3.3
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... YES
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... YES
[+] Checking if vulnerable to CVE-2020-11652 (read)... Traceback (most recent call last):
File "salt-cve-check.py", line 248, in
retn |= check_CVE_2020_11652_read()
File "salt-cve-check.py", line 150, in check_CVE_2020_11652_read
if rets['data']['return']:
KeyError: u'data'
```

@rossengeorgiev
Owner

Can you run `python salt-cve-check.py DEBUG` and provide the output?

@pavankumarshambhu
Author

1. CentOS release 6.8 (Final)

```
python salt-cve-check.py DEBUG
[+] Python version: 2.6.6
[+] Salt version: 2016.3.3
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... NO
[+] Checking if vulnerable to CVE-2020-11652 (read_token)...
{}
NO
[+] Checking if vulnerable to CVE-2020-11652 (read)...
{'error': {'message': 'Authentication failure of type "eauth" occurred for user UNKNOWN.', 'name': 'EauthAuthenticationError'}}
Traceback (most recent call last):
File "salt-cve-check.py", line 248, in
retn |= check_CVE_2020_11652_read()
File "salt-cve-check.py", line 150, in check_CVE_2020_11652_read
if rets['data']['return']:
KeyError: u'data'
```

2. CentOS Linux release 7.3.1611 (Core)

```
python salt-cve-check.py DEBUG
[+] Python version: 2.7.5
[+] Salt version: 2019.2.5
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... NO
[+] Checking if vulnerable to CVE-2020-11652 (read_token)...
{}
NO
[+] Checking if vulnerable to CVE-2020-11652 (read)...
{'error': {'message': 'Authentication failure of type "user" occurred', 'name': 'UserAuthenticationError'}}
Traceback (most recent call last):
File "salt-cve-check.py", line 248, in
retn |= check_CVE_2020_11652_read()
File "salt-cve-check.py", line 150, in check_CVE_2020_11652_read
if rets['data']['return']:
KeyError: u'data'
Exception TypeError: "'NoneType' object is not callable" in <bound method AsyncZeroMQReqChannel.del of <salt.transport.zeromq.AsyncZeroMQReqChannel object at 0x24c14d0>> i
```

3. It ran well on the test server that I installed to check this script

CentOS Linux release 7.7.1908 (Core)

```
python salt-cve-check.py DEBUG
[+] Salt version: 2016.11.10
[ ] This version of salt is vulnerable! Check results below
[+] Checking salt-master (127.0.0.1:4506) status... ONLINE
[+] Checking if vulnerable to CVE-2020-11651... NO
[+] Checking if vulnerable to CVE-2020-11652 (read_token)... NO
[+] Checking if vulnerable to CVE-2020-11652 (read)... NO
[+] Checking if vulnerable to CVE-2020-11652 (write1)... NO
[+] Checking if vulnerable to CVE-2020-11652 (write2)... NO
```

@rossengeorgiev
Owner

rossengeorgiev commented May 18, 2020

Is this salt shipped with CentOS EPEL, with default configuration?

  1. eauth implies it is using external authentication. That is not supported for the check script.
  2. auth, this should be normal auth. Strange, maybe root token doesn't exist. Try running some salt command before the check script.

The check script assumes it is run as root on salt-master, with default config. No external auth, or other. It has to read the root user local token to authenticate some of the requests.

@pavankumarshambhu
Author

It is configured through saltstack repository.
I ran the script as root and salt commands are running fine as well.
As you mentioned the root 'token' not existing, is there any way that I can find that?

@rossengeorgiev
Owner

Look at the script, it reads the token file. I've not fully explored how it works, but I believe salt generates it as a way to authenticate local commands. Every time you run salt, it will read the file, connect to the salt-master service over tcp, and use the token for commands requiring authentication. If you are using a different username, there will be an appropriately named file.
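
The `KeyError` in this thread comes from indexing `rets['data']['return']` on a reply that carries only an `error` key. The following is an added example, not code from salt-cve-check.py or from either participant, that classifies such a reply so an authentication failure is reported as an inconclusive check instead of a crash. The function name, the verdict strings and the reading of a truthy `data.return` as "vulnerable" are assumptions.

```python
# Added example, not part of salt-cve-check.py.
# Assumption: a truthy rets['data']['return'] means the read succeeded (vulnerable).

# Replies copied from the DEBUG output in this thread.
EAUTH_REPLY = {'error': {'message': 'Authentication failure of type "eauth" '
                                    'occurred for user UNKNOWN.',
                         'name': 'EauthAuthenticationError'}}
USER_REPLY = {'error': {'message': 'Authentication failure of type "user" occurred',
                        'name': 'UserAuthenticationError'}}
# Constructed replies (not from the thread) for the non-error paths.
READ_OK_REPLY = {'data': {'return': 'constructed file contents'}}
READ_EMPTY_REPLY = {'data': {'return': ''}}


def classify_read_reply(rets):
    """Return (verdict, reason) for a reply to the CVE-2020-11652 read check."""
    if not isinstance(rets, dict):
        return "INCONCLUSIVE", "unexpected reply type %s" % type(rets).__name__

    err = rets.get('error')
    if isinstance(err, dict):
        name = err.get('name', 'unknown error')
        message = err.get('message', '')
        if name.endswith('AuthenticationError'):
            # The master rejected the credentials the check presented, so the
            # read was never attempted: this says nothing about the CVE.
            return "INCONCLUSIVE", "check could not authenticate (%s): %s" % (name, message)
        return "INCONCLUSIVE", "master returned %s: %s" % (name, message)

    data = rets.get('data')
    if not isinstance(data, dict) or 'return' not in data:
        return "INCONCLUSIVE", "reply has no data.return field"

    if data['return']:
        return "YES", "master returned data for the read request"
    return "NO", "master returned nothing for the read request"


if __name__ == "__main__":
    for reply in (EAUTH_REPLY, USER_REPLY, READ_OK_REPLY, READ_EMPTY_REPLY):
        print("%s (%s)" % classify_read_reply(reply))
```

Reporting the authentication-failure case separately matters on masters using external auth or lacking a readable root token: there, a clean exit with "NO" would be as misleading as the traceback.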
