Looks like there's some help out there already, there's a CVE check in some python2 janky fashion...
but use your best judgement, it's yet another script.
@chuck And just after I had pretty much decided to use salt for building and deploying my systems this summer. Maybe I do go with Ansible like I originally planned 🤔
@chuck I was just reading about this.
It's bad... VVbad.
And the exploit documentation site only presents content if you load and run their JS. Confidence == low.
@vandys yeah, the web is hot garbage.
@chuck as currently deployed (i.e., the "new normal") I have to agree. 😩
1) People who expose their configuration management daemons to the Internet
2) People who don't patch them when a HUGE REMOTE CODE EXECUTION HITS THE NEWS
Lulz, I read this toot just after coming from a (virtual) church service where the reading du jour was the bit that begins "You are the salt of the earth, but if the salt loses its flavor...."
Here's a soundtrack to play while removing the bad salt from your computer -- the Rolling Stones' "Salt of the Earth": https://www.youtube.com/watch?v=eOiLH-2hTPQ. (Joan Baez and Judy Collins have good cover versions too.)
@chuck Oh wow, that’s a horrible exploit.