SB2018121701 - Gentoo update for CouchDB
Published: December 17, 2018
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-11769)
The vulnerability allows a remote administrative attacker to gain elevated privileges on the target system.
The vulnerability exists due to insufficient validation of administrator-supplied configuration settings via the HTTP API. A remote attacker can bypass the blacklist of configuration settings that are not allowed to be modified via the HTTP API and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Privilege escalation (CVE-ID: CVE-2018-8007)
The vulnerability allows a remote administrative attacker to gain elevated privileges on the target system.
The vulnerability exists due to insufficient validation of administrator-supplied configuration settings via the HTTP API. A remote attacker can bypass the blacklist of configuration settings that are not allowed to be modified via the HTTP API and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.