Showing 1 - 3 of 3

CVE-2017-12635

Status Candidate

Overview

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.

Related Files

Apache CouchDB Arbitrary Command Execution: Posted Jul 12, 2018; Authored by Max Justicz, Joan Touzet | Site metasploit.com; CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.; tags | exploit, web, arbitrary, shell; advisories | CVE-2017-12635, CVE-2017-12636; SHA-256 | a93f10ff77a858d80ea8ceaf2de3218d932d08cd6154f36a815a8470659052df; Download | Favorite | View

Apache CouchDB 1.7.0 / 2.x Remote Privilege Escalation: Posted Apr 23, 2018; Authored by Sebastian Castro; Apache CouchDB versions 1.7.0 and 2.x before 2.1.1 suffer from a remote privilege escalation vulnerability.; tags | exploit, remote; advisories | CVE-2017-12635; SHA-256 | 525d67ae1bd8cce85c38aefe50c57f261d94efb9be445529a511817757bd7d95; Download | Favorite | View

Gentoo Linux Security Advisory 201711-16: Posted Nov 20, 2017; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201711-16 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of arbitrary shell commands. Versions less than 1.7.1 are affected.; tags | advisory, remote, arbitrary, shell, vulnerability; systems | linux, gentoo; advisories | CVE-2017-12635, CVE-2017-12636; SHA-256 | 1637e4fbe6d399b8b711ad956330ad1c1baaed2b7f7cef8cb47f94e57500c620; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2017-12635

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems