Proof of concept code published for latest Saltstack CVE: Don't be an update laggard

Proof of concept code has been published for a vulnerability in popular data centre security management tool Saltstack, which was discovered after a developer at Immersive Labs found a privilege escalation bug allowing any old user to become root. SaltStack offers open-source, Python-based automation tools and was acquired by …

  1. Claptrap314 Silver badge


    "Minion"--is that the person who isn't allowed to use words because the "master" says they cannot?

    This is ungood. Really. At least plus ungood.

  2. Unbelievable!

    "good faith"

    "In the recent past, we have gone above and beyond our lifecycle policy in good faith to fix critical issues in versions no longer supported.

    Going forward, this will be the exception and not standard practice"

    - I can understand why. Legacy systems might be time consuming or even impossible to accommodate.

    But ruling out help for 'critical' issues isn't a good image or message. Perhaps just a suggestion of 'help only on a case by case basis.' At least that puts out a message of hope and an expectation of being charged for.

    "Good Faith" isn't what it used to be. Nowadays it is used as upselling.

    1. Anonymous Coward

      Re: "good faith"

      Then perhaps you should upgrade.

