Bug 1068386 – VUL-0: CVE-2017-12636: couchdb: CouchDB administrative users can configure the database server via HTTP(S). Someof the configuration options include paths for operating system-level binariesthat are subsequently launched by CouchDB. This

Bug 1068386 - (CVE-2017-12636) VUL-0: CVE-2017-12636: couchdb: CouchDB administrative users can configure the database server via HTTP(S). Someof the configuration options include paths for operating system-level binariesthat are subsequently launched by CouchDB. This

(CVE-2017-12636)
Summary:	VUL-0: CVE-2017-12636: couchdb: CouchDB administrative users can configure th...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/194964/
Whiteboard:	CVSSv3:SUSE:CVE-2017-12635:8.1:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-11-16 07:21 UTC by Marcus Meissner
Modified:	2020-09-24 13:31 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2017-11-16 07:21:22 UTC

CVE-2017-12636

CouchDB administrative users can configure the database server via HTTP(S). Some
of the configuration options include paths for operating system-level binaries
that are subsequently launched by CouchDB. This allows an admin user in Apache
CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as
the CouchDB user, including downloading and executing scripts from the public
internet.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12636
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12635
http://seclists.org/oss-sec/2017/q4/279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E

Comment 1 Marcus Meissner 2017-11-16 07:26:02 UTC

https://justi.cz/security/2017/11/14/couchdb-rce-npm.html

Comment 2 Keith Berger 2018-03-23 14:16:55 UTC

https://trello.com/c/I1KCfwb2

Comment 3 Jiří Suchomel 2018-03-26 11:02:59 UTC

So, building 1.7.1 version is not difficult:

https://build.suse.de/package/show/home:jsuchome:branches:Devel:Cloud:8/couchdb

Comment 4 Jiří Suchomel 2018-03-27 12:39:08 UTC

SR for Cloud8: https://build.suse.de/request/show/160311

Comment 6 Jiří Suchomel 2018-03-28 07:52:10 UTC

SR for SOC7: https://build.suse.de/request/show/160449

Comment 7 Jiří Suchomel 2018-04-04 09:24:55 UTC

Cloud packages updated

Comment 9 Jiří Suchomel 2018-07-24 15:21:33 UTC

Created maintenance request, I hope it's correct this way:

https://build.suse.de/request/show/168824

Comment 13 Swamp Workflow Management 2018-08-31 16:13:29 UTC

SUSE-SU-2018:2578-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1068386,1100973
CVE References: CVE-2017-12636,CVE-2018-8007
Sources used:
SUSE OpenStack Cloud 7 (src):    couchdb-1.7.2-2.8.2
SUSE Enterprise Storage 4 (src):    couchdb-1.7.2-2.8.2

Comment 14 Wolfgang Frisch 2020-09-24 13:31:40 UTC

Released.