[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Apache CouchDB CVE-2018-17188: Remote Privilege Escalations (Affects all versions < 2
From: Jan Lehnardt <jan () apache ! org>
Date: 2018-12-17 10:43:55
Message-ID: 8A4D6092-8350-438C-B09E-B569A2EB233A () apache ! org
[Download RAW message or body]
#Apache CouchDB CVE-2018-17188: Remote Privilege Escalations (Affects all versions < 2.3.0)
Date: 17.12.2018
Affected: All Versions of Apache CouchDB
Severity: Medium
Vendor: The Apache Software Foundation
## Description
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of \
the database. In some cases, this lead to vulnerabilities where CouchDB admin users could \
access the underlying operating system as the CouchDB user. Together with other \
vulnerabilities, it allowed full system entry for unauthenticated users.
These vulnerabilities were fixed and disclosed in the following CVE reports:
• CVE-2018-11769: Apache CouchDB Remote Code Execution[1]
• CVE-2018-8007: Apache CouchDB Remote Code Execution[2]
• CVE-2017-12636: Apache CouchDB Remote Code Execution[3]
• CVE-2017-12635: Apache CouchDB Remote Privilege Escalation[4]
Rather than waiting for new vulnerabilities to be discovered, and fixing them as they come up, \
the CouchDB development team decided to make changes to avoid this entire class of \
vulnerabilities.
With CouchDB version 2.3.0, CouchDB no longer can configure key components at runtime. While \
some flexibility is needed for speciality configurations of CouchDB, the configuration was \
changed from being available at runtime to start-up time. And as such now requires shell access \
to the CouchDB server.
This closes all future paths for vulnerabilities of this type.
## Mitigation
All users should upgrade to CouchDB 2.3.0.
Upgrades from previous 2.x versions in the same series should be seamless.
Users on earlier versions should consult with upgrade notes.
## Credit
This issue was discovered by the Apple Information Security team.
—
[1]: http://docs.couchdb.org/en/stable/cve/2017-12635.html \
<http://docs.couchdb.org/en/stable/cve/2017-12635.html> [2]: \
http://docs.couchdb.org/en/stable/cve/2017-12636.html \
<http://docs.couchdb.org/en/stable/cve/2017-12636.html> [3]: \
http://docs.couchdb.org/en/stable/cve/2018-11769.html \
<http://docs.couchdb.org/en/stable/cve/2018-11769.html> [3]: \
http://docs.couchdb.org/en/stable/cve/2018-8007.html \
<http://docs.couchdb.org/en/stable/cve/2018-8007.html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic