cnvd - cnvd-2016-12079

cnvd-2016-12079

Vulnerability from cnvd

Title: Apache CouchDB本地提权漏洞

Description:

Apache CouchDB是美国阿帕奇（Apache）软件基金会的一个数据库，是一个使用JSON作为存储格式，JavaScript作为查询语言，MapReduce和HTTP作为API的NoSQL数据库。

Apache CouchDB 2.0.0版本存在本地提权漏洞，本地攻击者可以利用该漏洞获取系统管理员权限。

Severity: 中

Formal description:

目前没有详细解决方案提供： http://couchdb.apache.org/

Reference: https://www.exploit-db.com/exploits/40865/

Impacted products

Name
Apache Software Foundation CouchDB 2.0.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94766"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8742"
    }
  },
  "description": "Apache CouchDB\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u6570\u636e\u5e93\uff0c\u662f\u4e00\u4e2a\u4f7f\u7528JSON\u4f5c\u4e3a\u5b58\u50a8\u683c\u5f0f\uff0cJavaScript\u4f5c\u4e3a\u67e5\u8be2\u8bed\u8a00\uff0cMapReduce\u548cHTTP\u4f5c\u4e3aAPI\u7684NoSQL\u6570\u636e\u5e93\u3002\r\n\r\nApache CouchDB 2.0.0\u7248\u672c\u5b58\u5728\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u7cfb\u7edf\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "hyp3rlinx",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://couchdb.apache.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12079",
  "openTime": "2016-12-09",
  "products": {
    "product": "Apache Software Foundation CouchDB 2.0.0"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/40865/",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-06",
  "title": "Apache CouchDB\u672c\u5730\u63d0\u6743\u6f0f\u6d1e"
}

CVE-2016-8742 (GCVE-0-2016-8742)

Vulnerability from cvelistv5

Published

2018-02-12 17:00

Modified

2024-09-17 00:26

Severity ?

CWE

File permissions

Summary

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.

References

▼	URL	Tags
	http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.exploit-db.com/exploits/40865/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/94766	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CouchDB	Version: 2.0.0 (Windows platform only)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:34:59.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[couchdb-dev] 20161208 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E"
          },
          {
            "name": "40865",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40865/"
          },
          {
            "name": "94766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CouchDB",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.0.0 (Windows platform only)"
            }
          ]
        }
      ],
      "datePublic": "2016-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File permissions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-13T10:57:01",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[couchdb-dev] 20161208 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E"
        },
        {
          "name": "40865",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40865/"
        },
        {
          "name": "94766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2016-12-08T00:00:00",
          "ID": "CVE-2016-8742",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CouchDB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0.0 (Windows platform only)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[couchdb-dev] 20161208 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E"
            },
            {
              "name": "40865",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40865/"
            },
            {
              "name": "94766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2016-8742",
    "datePublished": "2018-02-12T17:00:00Z",
    "dateReserved": "2016-10-18T00:00:00",
    "dateUpdated": "2024-09-17T00:26:42.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted