cnvd - cnvd-2017-02744

cnvd-2017-02744

Vulnerability from cnvd

Title: 多款Intel产品本地特权提升漏洞

Description:

Intel Parallel Studio X等都是美国英特尔（Intel）公司的产品。Intel Parallel Studio X是一套用于提高应用程序的性能和大数据分析的软件；Intel Inspector是一套用于专门动态测试应用程序的内存访问错误和线程访问错误的工具。

多款Intel产品中PSET Application Install wrapper存在提权漏洞。攻击者可利用该漏洞以提升的权限启动进程。

Severity: 高

Patch Name: 多款Intel产品本地特权提升漏洞的补丁

Patch Description:

多款Intel产品中PSET Application Install wrapper存在提权漏洞。攻击者可利用该漏洞以提升的权限启动进程。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr

Reference: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&amp;languageid=en-fr

Impacted products

Name
['Intel VTune Amplifier 0', 'Intel Trace Analyzer and Collector 0', 'Intel Threading Building Blocks 0', 'Intel System Studio 0', 'Intel Parallel Studio XE 0', 'Intel MPI Library 0', 'Intel Math Kernel Library 0', 'Intel Integrated Performance Primitives 0', 'Intel Inspector 0', 'Intel Data Analytics Acceleration Library 0', 'Intel Cryptography for Intel Integrated Performance Primitives 0', 'Intel Advisor 0']

Name

['Intel VTune Amplifier 0', 'Intel Trace Analyzer and Collector 0', 'Intel Threading Building Blocks 0', 'Intel System Studio 0', 'Intel Parallel Studio XE 0', 'Intel MPI Library 0', 'Intel Math Kernel Library 0', 'Intel Integrated Performance Primitives 0', 'Intel Inspector 0', 'Intel Data Analytics Acceleration Library 0', 'Intel Cryptography for Intel Integrated Performance Primitives 0', 'Intel Advisor 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96482"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5682"
    }
  },
  "description": "Intel Parallel Studio X\u7b49\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Parallel Studio X\u662f\u4e00\u5957\u7528\u4e8e\u63d0\u9ad8\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u5927\u6570\u636e\u5206\u6790\u7684\u8f6f\u4ef6\uff1bIntel Inspector\u662f\u4e00\u5957\u7528\u4e8e\u4e13\u95e8\u52a8\u6001\u6d4b\u8bd5\u5e94\u7528\u7a0b\u5e8f\u7684\u5185\u5b58\u8bbf\u95ee\u9519\u8bef\u548c\u7ebf\u7a0b\u8bbf\u95ee\u9519\u8bef\u7684\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eIntel\u4ea7\u54c1\u4e2dPSET Application Install wrapper\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u542f\u52a8\u8fdb\u7a0b\u3002",
  "discovererName": "Intel",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-02744",
  "openTime": "2017-03-15",
  "patchDescription": "Intel Parallel Studio X\u7b49\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Parallel Studio X\u662f\u4e00\u5957\u7528\u4e8e\u63d0\u9ad8\u5e94\u7528\u7a0b\u5e8f\u7684\u6027\u80fd\u548c\u5927\u6570\u636e\u5206\u6790\u7684\u8f6f\u4ef6\uff1bIntel Inspector\u662f\u4e00\u5957\u7528\u4e8e\u4e13\u95e8\u52a8\u6001\u6d4b\u8bd5\u5e94\u7528\u7a0b\u5e8f\u7684\u5185\u5b58\u8bbf\u95ee\u9519\u8bef\u548c\u7ebf\u7a0b\u8bbf\u95ee\u9519\u8bef\u7684\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eIntel\u4ea7\u54c1\u4e2dPSET Application Install wrapper\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u542f\u52a8\u8fdb\u7a0b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eIntel\u4ea7\u54c1\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel VTune Amplifier 0",
      "Intel Trace Analyzer and Collector 0",
      "Intel Threading Building Blocks 0",
      "Intel System Studio 0",
      "Intel Parallel Studio XE 0",
      "Intel MPI Library 0",
      "Intel Math Kernel Library 0",
      "Intel Integrated Performance Primitives 0",
      "Intel Inspector 0",
      "Intel Data Analytics Acceleration Library 0",
      "Intel Cryptography for Intel Integrated Performance Primitives 0",
      "Intel Advisor 0"
    ]
  },
  "referenceLink": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026amp;amp;languageid=en-fr",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-02",
  "title": "\u591a\u6b3eIntel\u4ea7\u54c1\u672c\u5730\u7279\u6743\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2017-5682 (GCVE-0-2017-5682)

Vulnerability from cvelistv5

Published

2017-02-28 19:00

Modified

2024-08-05 15:11

Severity ?

CWE

Escalation of Privilege

Summary

Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.

References

▼	URL	Tags
	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/96482	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2	Version: Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:48.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
          },
          {
            "name": "96482",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2"
            }
          ]
        }
      ],
      "datePublic": "2017-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-02T10:57:01",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
        },
        {
          "name": "96482",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2017-5682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr",
              "refsource": "CONFIRM",
              "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
            },
            {
              "name": "96482",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2017-5682",
    "datePublished": "2017-02-28T19:00:00",
    "dateReserved": "2017-02-01T00:00:00",
    "dateUpdated": "2024-08-05T15:11:48.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted