CVE-2017-12189 - It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platfor

CVE-2017-12189

Summary

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

References

Vulnerable Configurations

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 09-10-2019 - 23:22)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2018:0002
rhsa
id RHSA-2018:0003
rhsa
id RHSA-2018:0004
rhsa
id RHSA-2018:0005

rpms

eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el6
eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el6
eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el6
eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el6
eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el6
eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el6
eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el6
eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el6
eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el6
eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el6
eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el6
eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el6
eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el6
eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el6
eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el6
eap7-activemq-artemis-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-cli-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-commons-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-core-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-dto-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-hornetq-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-hqclient-protocol-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-jms-client-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-jms-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-journal-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-native-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-ra-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-selector-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-server-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-activemq-artemis-service-extensions-0:1.1.0-19.SP24_redhat_1.1.ep7.el7
eap7-hibernate-0:5.0.16-1.Final_redhat_1.1.ep7.el7
eap7-hibernate-core-0:5.0.16-1.Final_redhat_1.1.ep7.el7
eap7-hibernate-entitymanager-0:5.0.16-1.Final_redhat_1.1.ep7.el7
eap7-hibernate-envers-0:5.0.16-1.Final_redhat_1.1.ep7.el7
eap7-hibernate-infinispan-0:5.0.16-1.Final_redhat_1.1.ep7.el7
eap7-hibernate-java8-0:5.0.16-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-common-api-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-common-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-common-spi-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-core-api-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-core-impl-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-deployers-common-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-jdbc-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-ironjacamar-validator-0:1.3.8-1.Final_redhat_1.1.ep7.el7
eap7-jboss-remoting-0:4.0.25-1.Final_redhat_1.1.ep7.el7
eap7-jboss-xnio-base-0:3.4.7-1.Final_redhat_1.1.ep7.el7
eap7-jgroups-0:3.6.12-1.Final_redhat_1.1.ep7.el7
eap7-resteasy-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-async-http-servlet-3.0-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-atom-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-cdi-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-client-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-crypto-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jackson-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jackson2-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jaxb-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jaxrs-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jettison-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jose-jwt-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-jsapi-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-json-p-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-multipart-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-spring-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-validator-provider-11-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-resteasy-yaml-provider-0:3.0.19-7.SP5_redhat_1.1.ep7.el7
eap7-undertow-0:1.3.31-3.Final_redhat_3.1.ep7.el7
eap7-wildfly-0:7.0.9-4.GA_redhat_3.1.ep7.el7
eap7-wildfly-javadocs-0:7.0.9-2.GA_redhat_3.1.ep7.el7
eap7-wildfly-modules-0:7.0.9-4.GA_redhat_3.1.ep7.el7
eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el6
eap7-jboss-ec2-eap-0:7.0.9-2.GA_redhat_2.ep7.el7
eap7-jboss-ec2-eap-samples-0:7.0.9-2.GA_redhat_2.ep7.el6
eap7-jboss-ec2-eap-samples-0:7.0.9-2.GA_redhat_2.ep7.el7

refmap via4

bid	102407
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189

Last major update

09-10-2019 - 23:22

Published

10-01-2018 - 19:29

Last modified

09-10-2019 - 23:22