Showing 1 - 4 of 4

CVE-2017-12635

Status Candidate

Overview

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.

Related Files

CouchDB Enum Utility: Posted Aug 31, 2024; Authored by Roberto S. Soares, Max Justicz, Green-m, Hendrik Van Belleghem | Site metasploit.com; This Metasploit module enumerates databases on CouchDB using the REST API (without authentication by default).; tags | exploit; advisories | CVE-2017-12635; SHA-256 | 2942d69e8cd376e67d7cb3531714d06e9b22d6dd3d9fe3f3f432e8930a09dad3; Download | Favorite | View

Apache CouchDB Arbitrary Command Execution: Posted Jul 12, 2018; Authored by Max Justicz, Joan Touzet | Site metasploit.com; CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.; tags | exploit, web, arbitrary, shell; advisories | CVE-2017-12635, CVE-2017-12636; SHA-256 | a93f10ff77a858d80ea8ceaf2de3218d932d08cd6154f36a815a8470659052df; Download | Favorite | View

Apache CouchDB 1.7.0 / 2.x Remote Privilege Escalation: Posted Apr 23, 2018; Authored by Sebastian Castro; Apache CouchDB versions 1.7.0 and 2.x before 2.1.1 suffer from a remote privilege escalation vulnerability.; tags | exploit, remote; advisories | CVE-2017-12635; SHA-256 | 525d67ae1bd8cce85c38aefe50c57f261d94efb9be445529a511817757bd7d95; Download | Favorite | View

Gentoo Linux Security Advisory 201711-16: Posted Nov 20, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201711-16 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of arbitrary shell commands. Versions less than 1.7.1 are affected.; tags | advisory, remote, arbitrary, shell, vulnerability; systems | linux, gentoo; advisories | CVE-2017-12635, CVE-2017-12636; SHA-256 | 1637e4fbe6d399b8b711ad956330ad1c1baaed2b7f7cef8cb47f94e57500c620; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2017-12635

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems