Executive Summary
Summary | |
---|---|
Title | New couchdb package fixes arbitrary code execution |
Information | | | |
---|---|---|---|
Name | DSA-2107 | First vendor Publication | 2010-09-09 |
Vendor | Debian | Last vendor Modification | 2010-09-09 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
Dan Rosenberg discovered that in couchdb, a distributed, fault-tolerant and schema-free document-oriented database, an insecure library search path is used; a local attacker could execute arbitrary code by first dumping a maliciously crafted shared library in some directory, and then having an administrator run couchdb from this same directory.

For the stable distribution (lenny), this problem has been fixed in version 0.8.0-2+lenny1.

We recommend that you upgrade your couchdb package.
Original Source
Url : http://www.debian.org/security/2010/dsa-2107
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12182 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:12182 | | |
Title: | DSA-2107-1 couchdb -- untrusted search path | | |
Description: | Dan Rosenberg discovered that in couchdb, a distributed, fault-tolerant and schema-free document-oriented database, an insecure library search path is used; a local attacker could execute arbitrary code by first dumping a maliciously crafted shared library in some directory, and then having an administrator run couchdb from this same directory. For the stable distribution, this problem has been fixed in version 0.8.0-2+lenny1. We recommend that you upgrade your couchdb package. | | |
Family: | unix | Class: | patch |
Reference(s): | DSA-2107-1, CVE-2010-2953 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | couchdb |
Definition Synopsis: | | | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-10-10 | Name : Debian Security Advisory DSA 2107-1 (couchdb) File : nvt/deb_2107_1.nasl |
2010-09-22 | Name : Fedora Update for couchdb FEDORA-2010-13640 File : nvt/gb_fedora_2010_13640_couchdb_fc13.nasl |
2010-09-22 | Name : Fedora Update for couchdb FEDORA-2010-13665 File : nvt/gb_fedora_2010_13665_couchdb_fc12.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67976 | CouchDB on Debian GNU / Linux couchdb Patch Search Path Subversion Crafted Sh... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13640.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13665.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2107.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:29:40 |