The aggressor exploited a senior high school - grimness vulnerability in the “ common salt ” opened generator direction system of rules that was loose to the public on April 30 , the solar day after the sustainer bring out freshly adaptation that define the problem .
# All system fine-tune thither
In only two day , the interloper explore the net for vulnerable Salt Master induction and act against them . In a brusk twirp , LineageOS announced the assail that it go on on May 2 , more or less 8 p.m. PST and the generator codification stay unaltered . Although the incidental storm LineageOS to shut out down all of its serving , it did not touch the bless cay that authenticate dispersion because they are put in on server dissever from the briny infrastructure . We are able to control that : – signal tonality are unmoved . – Builds are untouched . – rootage codification is untouched . realise https://t.co/85fvp6Gj2h for More information . — LineageOS ( @LineageAndroid ) May 3 , 2020 Builds were besides unchanged as they had been “ hesitate because of an unrelated publication since April 30 , ” fit in to data on the status Page of the throw . In all , the invasion touched the undermentioned military service : chain armor waiter , download mirror , statistics , download portal vein , and the Gerrit Code Review quislingism plan expend in the exploitation summons . Sunday daybreak , 3 a.m. The LineageOS squad has finagle to repair the site , e-mail , wiki , and some intimate Service . Gerrit is up and bunk at the bit , too .
# hemipteron were describe early this week
common salt is a SaltStack host management shaft for case - ground mechanization and remote chore executing . aforethought for electronic network and constellation direction for any lotion bed , it is ordinarily instal on host in data point inwardness and fog shape . On April 30 , F - Secure research worker release info about two beleaguer in Salt that are exploitable for remote cypher slaying with rout perquisite . One of them , experience as CVE-2020 - 11651 , is a master waiter ring road hallmark that leave you to make a motion to guest host ( minion ) require that are running game as beginning . The former one , monitor as CVE-2020 - 11652 , is a itinerary traverse that render get at to the original host ’s integral register arrangement . In the consultive , F - Secure take that “ any skilled hacker would be able-bodied to body-build 100 % in force overwork for these proceeds in less than 24 hr . ” At the sentence of the survey , more than than 6,000 compromise salt case were give away to the populace net .
