Web application abuses : OrientDB Server Remote Code Execution Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.112079

Kategorie: Web application abuses

Titel: OrientDB Server Remote Code Execution Vulnerability

Zusammenfassung: OrientDB does not enforce privilege requirements during 'where' or 'fetchplan'; or 'order by' use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Beschreibung: Summary:
OrientDB does not enforce privilege requirements during 'where' or 'fetchplan'
or 'order by' use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Vulnerability Insight:
OrientDB uses RBAC model for authentication schemes. By default an OrientDB has 3 roles - admin, writer and reader.
These have their usernames same as the role. For each database created on the server, it assigns by default these 3 users.

The privileges of the users are:

admin - access to all functions on the database without any limitation

reader - read-only user. The reader can query any records in the database, but can't modify or delete them. It has no access to internal information, such as the users and roles themselves

writer - same as the 'reader', but it can also create, update and delete records

ORole structure handles users and their roles and is only accessible by the admin user. OrientDB requires oRole read permissions to allow the user
to display the permissions of users and make other queries associated with oRole permissions.

From version 2.2.x and above whenever the oRole is queried with a where, fetchplan and order by statements,
this permission requirement is not required and information is returned to unprivileged users.

Since OrientDB has a function where one could execute groovy functions and this groovy wrapper doesn't have a sandbox and exposes system functionalities,
it is possible to run any command.

Affected Software/OS:
OrientDB Server version 2.2.x to 2.2.22

Solution:
Upgrade to OrientDB Server version 2.2.23 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-11467

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.112079
Kategorie:	Web application abuses
Titel:	OrientDB Server Remote Code Execution Vulnerability
Zusammenfassung:	OrientDB does not enforce privilege requirements during 'where' or 'fetchplan'; or 'order by' use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
Beschreibung:	Summary: OrientDB does not enforce privilege requirements during 'where' or 'fetchplan' or 'order by' use, which allows remote attackers to execute arbitrary OS commands via a crafted request. Vulnerability Insight: OrientDB uses RBAC model for authentication schemes. By default an OrientDB has 3 roles - admin, writer and reader. These have their usernames same as the role. For each database created on the server, it assigns by default these 3 users. The privileges of the users are: admin - access to all functions on the database without any limitation reader - read-only user. The reader can query any records in the database, but can't modify or delete them. It has no access to internal information, such as the users and roles themselves writer - same as the 'reader', but it can also create, update and delete records ORole structure handles users and their roles and is only accessible by the admin user. OrientDB requires oRole read permissions to allow the user to display the permissions of users and make other queries associated with oRole permissions. From version 2.2.x and above whenever the oRole is queried with a where, fetchplan and order by statements, this permission requirement is not required and information is returned to unprivileged users. Since OrientDB has a function where one could execute groovy functions and this groovy wrapper doesn't have a sandbox and exposes system functionalities, it is possible to run any command. Affected Software/OS: OrientDB Server version 2.2.x to 2.2.22 Solution: Upgrade to OrientDB Server version 2.2.23 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11467
Copyright	Copyright (C) 2017 Greenbone Networks GmbH