cnvd - cnvd-2018-09648

cnvd-2018-09648

Vulnerability from cnvd

Title: 7-Zip访问限制绕过漏洞

Description:

7-Zip for Windows是一套基于Windows平台的免费的、开源的压缩/解压缩软件。

基于Windows平台的7-Zip 18.01及之前版本中存在安全漏洞，该漏洞源于程序通过调用‘LsaAddAccountRights’函数实现‘较大内存页面’选项，来向用户账户添加SeLockMemoryPrivilege权限。攻击者可通过使用SeLockMemoryPrivilege权限利用该漏洞绕过访问限制。

Severity: 高

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.7-zip.org/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-10172

Impacted products

Name
7-Zip 7-Zip <=18.01

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10172"
    }
  },
  "description": "7-Zip for Windows\u662f\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u514d\u8d39\u7684\u3001\u5f00\u6e90\u7684\u538b\u7f29/\u89e3\u538b\u7f29\u8f6f\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u76847-Zip 18.01\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u901a\u8fc7\u8c03\u7528\u2018LsaAddAccountRights\u2019\u51fd\u6570\u5b9e\u73b0\u2018\u8f83\u5927\u5185\u5b58\u9875\u9762\u2019\u9009\u9879\uff0c\u6765\u5411\u7528\u6237\u8d26\u6237\u6dfb\u52a0SeLockMemoryPrivilege\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528SeLockMemoryPrivilege\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002",
  "discovererName": "Igor Pavlov",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.7-zip.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09648",
  "openTime": "2018-05-17",
  "products": {
    "product": "7-Zip 7-Zip \u003c=18.01"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-10172",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-17",
  "title": "7-Zip\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-10172 (GCVE-0-2018-10172)

Vulnerability from cvelistv5

Published

2018-04-16 22:00

Modified

2024-08-05 07:32

Severity ?

CWE

Summary

7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.

References

▼	URL	Tags
	https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25&page=1#b240

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25\u0026page=1#b240"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "7-Zip through 18.01 on Windows implements the \"Large memory pages\" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user\u0027s account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-08T21:31:51.548670",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25\u0026page=1#b240"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10172",
    "datePublished": "2018-04-16T22:00:00",
    "dateReserved": "2018-04-16T00:00:00",
    "dateUpdated": "2024-08-05T07:32:01.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted