Alibaba Cloud threat intelligence recently observed that the open-source database Apache CouchDB released new versions 2.1.1 and 1.7.0/1.7.1 on November 7, 2017 to fix two high-risk remote command execution vulnerabilities, CVE-2017-12635 and CVE-2017-12636.

The details are as follows:

Vulnerability IDs: CVE-2017-12635, CVE-2017-12636

Vulnerability name: Apache CouchDB remote command execution vulnerability

Official rating: High risk


Vulnerability description:

CVE-2017-12635

Because CouchDB's Erlang-based JSON parser behaves differently from its JavaScript-based JSON parser, a user can submit _users documents to the database that contain duplicate "roles" keys used for access control, including the special _admin role that denotes administrative users. Used in conjunction with CVE-2017-12636 (remote code execution), this allows a non-administrator user to execute arbitrary shell commands on the server as the database system user.


The parser difference leads to the following behaviour: if two "roles" keys are present in the JSON, the second one is used when validating the write of the user document, but the first one is used for subsequent authorization of the newly created user. By design, users cannot assign their own roles; this vulnerability lets a non-administrator user grant themselves administrator privileges.
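An added example (not from this advisory or the CouchDB project) that shows the parser divergence described above from the validation side: Python's default json.loads keeps the last value of a repeated key, while an object_pairs_hook still sees every pair and can refuse the document before it reaches the database. The _users document below is a constructed sample for illustration.

```python
import json
from typing import Any, Dict, List, Tuple

# Constructed sample of a _users document body with a repeated "roles" key,
# the shape that CVE-2017-12635 relies on. A last-wins parser keeps one value;
# a strict parser should refuse the whole document.
SAMPLE_DOC = (
    '{"_id": "org.couchdb.user:alice", "name": "alice", "type": "user",'
    ' "roles": ["reader"], "roles": ["_admin"], "password": "x"}'
)


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key at any nesting level."""


def duplicate_keys(raw: str) -> List[str]:
    """Return every key that is repeated inside a single JSON object.

    json.loads builds a dict and silently keeps the last value of a repeated
    key, but object_pairs_hook receives every (key, value) pair in document
    order, which is the only place the repetition is still observable.
    """
    found: List[str] = []

    def hook(pairs: List[Tuple[str, Any]]) -> Dict[str, Any]:
        seen = set()
        for key, _ in pairs:
            if key in seen and key not in found:
                found.append(key)
            seen.add(key)
        return dict(pairs)

    json.loads(raw, object_pairs_hook=hook)
    return found


def lenient_roles(raw: str) -> List[str]:
    """The roles a last-wins parser (Python's default) believes the doc has."""
    return json.loads(raw).get("roles", [])


def parse_users_doc_strictly(raw: str) -> Dict[str, Any]:
    """Parse a _users document, rejecting it if any key is repeated."""
    dups = duplicate_keys(raw)
    if dups:
        raise DuplicateKeyError(f"repeated key(s) in document: {dups}")
    return json.loads(raw)


if __name__ == "__main__":
    print("lenient parser sees roles:", lenient_roles(SAMPLE_DOC))
    print("repeated keys:", duplicate_keys(SAMPLE_DOC))
    try:
        parse_users_doc_strictly(SAMPLE_DOC)
    except DuplicateKeyError as exc:
        print("strict parser rejected document:", exc)
```

The same hook can be applied to request bodies at a reverse proxy or to captured traffic to flag documents that two parsers could interpret differently.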
CVE-2017-12636

CouchDB administrative users can configure the database server over HTTP(S). Some configuration options include paths to operating-system-level binaries that CouchDB then starts. This allows a CouchDB administrator user to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public Internet.


Exploitation conditions and method: remote exploitation

PoC status: unpublished

Affected scope: CouchDB 1.x and 2.x

Not affected: version 2.1.1 or later, and 1.7.0/1.7.1 or later

Vulnerability detection: developers or operations staff should check whether an Apache CouchDB version within the affected range is in use, and whether strong passwords and network access control policies have been configured.


Fix advice (or mitigation measures):

1. Public-facing Apache CouchDB instances

  • You are advised to upgrade to the latest version.
  • Use ECS security groups or firewall policies to limit the exposure of CouchDB ports to the Internet and implement fine-grained network access control policies.
  • Enable authentication; you are advised to configure custom accounts with strong passwords instead of default passwords to prevent brute-force attacks.

2. Intranet Apache CouchDB instances

  • Use ECS security groups or firewall policies to limit the exposure of CouchDB ports to the Internet and implement fine-grained network access control.
  • Enable authentication; you are advised to configure custom accounts with strong passwords instead of default passwords to prevent brute-force attacks.


Source:

  • Apache CouchDB official security bulletin: https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636
  • oss-sec: http://seclists.org/oss-sec/2017/q4/279
[This post has been reedited by Zhenghe in 2017-11-16 11:25]