CVE-2016-1711
CVSS 6.8
Published: 2016-07-23 15:59:07
Revised: 2016-11-28 15:01:30
NMP    

[Original text] WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.


[CNNVD] CNNVD data not yet available.


[Machine translation] Google Translate (Enterprise edition):

- CVSS (base score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance may degrade or access to resources may be interrupted]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [no authentication is required to exploit the vulnerability]

- CWE (weakness category)

CWE-285 [Improper Authorization]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No relevant OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1711
(Official data source) NVD

- Other links and resources

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
(VENDOR_ADVISORY)  CONFIRM  http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
(UNKNOWN)  SUSE  openSUSE-SU-2016:1865
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
(UNKNOWN)  SUSE  openSUSE-SU-2016:1868
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
(UNKNOWN)  SUSE  openSUSE-SU-2016:1869
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
(UNKNOWN)  SUSE  openSUSE-SU-2016:1918
http://rhn.redhat.com/errata/RHSA-2016-1485.html
(UNKNOWN)  REDHAT  RHSA-2016:1485
http://www.debian.org/security/2016/dsa-3637
(UNKNOWN)  DEBIAN  DSA-3637
http://www.securityfocus.com/bid/92053
(UNKNOWN)  BID  92053
http://www.ubuntu.com/usn/USN-3041-1
(UNKNOWN)  UBUNTU  USN-3041-1
https://codereview.chromium.org/2079473002
(UNKNOWN)  CONFIRM  https://codereview.chromium.org/2079473002
https://crbug.com/617495
(UNKNOWN)  CONFIRM  https://crbug.com/617495

- Vulnerability information (F138054)

Red Hat Security Advisory 2016-1485-01 (PacketStormID:F138054)
2016-07-26 00:00:00
Red Hat  
advisory,web,arbitrary
linux,redhat
CVE-2016-1705,CVE-2016-1706,CVE-2016-1708,CVE-2016-1709,CVE-2016-1710,CVE-2016-1711,CVE-2016-5127,CVE-2016-5128,CVE-2016-5129,CVE-2016-5130,CVE-2016-5131,CVE-2016-5132,CVE-2016-5133,CVE-2016-5134,CVE-2016-5135,CVE-2016-5136,CVE-2016-5137

Red Hat Security Advisory 2016-1485-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 52.0.2743.82. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: chromium-browser security update
Advisory ID:       RHSA-2016:1485-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2016-1485.html
Issue date:        2016-07-26
CVE Names:         CVE-2016-1705 CVE-2016-1706 CVE-2016-1708 
                   CVE-2016-1709 CVE-2016-1710 CVE-2016-1711 
                   CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 
                   CVE-2016-5130 CVE-2016-5131 CVE-2016-5132 
                   CVE-2016-5133 CVE-2016-5134 CVE-2016-5135 
                   CVE-2016-5136 CVE-2016-5137 
=====================================================================

1. Summary:

An update for chromium-browser is now available for Red Hat Enterprise
Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Chromium is an open-source web browser, powered by WebKit (Blink).

This update upgrades Chromium to version 52.0.2743.82.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash,
execute arbitrary code, or disclose sensitive information when visited by
the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710,
CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130,
CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135,
CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Chromium must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1358630 - CVE-2016-1706 chromium-browser: sandbox escape in ppapi
1358632 - CVE-2016-1708 chromium-browser: use-after-free in extensions
1358633 - CVE-2016-1709 chromium-browser: heap-buffer-overflow in sfntly
1358634 - CVE-2016-1710 chromium-browser: same-origin bypass in blink
1358636 - CVE-2016-1711 chromium-browser: same-origin bypass in blink
1358637 - CVE-2016-5127 chromium-browser: use-after-free in blink
1358638 - CVE-2016-5128 chromium-browser: same-origin bypass in v8
1358639 - CVE-2016-5129 chromium-browser: memory corruption in v8
1358640 - CVE-2016-5130 chromium-browser: url spoofing
1358641 - CVE-2016-5131 chromium-browser: use-after-free in libxml
1358642 - CVE-2016-5132 chromium-browser: limited same-origin bypass in service workers
1358643 - CVE-2016-5133 chromium-browser: origin confusion in proxy authentication
1358645 - CVE-2016-5134 chromium-browser: url leakage via pac script
1358646 - CVE-2016-5135 chromium-browser: content-security-policy bypass
1358647 - CVE-2016-5136 chromium-browser: use after free in extensions
1358648 - CVE-2016-5137 chromium-browser: history sniffing with hsts and csp
1358649 - CVE-2016-1705 chromium-browser: various fixes from internal audits

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.82-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.82-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.82-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.82-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
chromium-browser-52.0.2743.82-1.el6.i686.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.i686.rpm

x86_64:
chromium-browser-52.0.2743.82-1.el6.x86_64.rpm
chromium-browser-debuginfo-52.0.2743.82-1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-1705
https://access.redhat.com/security/cve/CVE-2016-1706
https://access.redhat.com/security/cve/CVE-2016-1708
https://access.redhat.com/security/cve/CVE-2016-1709
https://access.redhat.com/security/cve/CVE-2016-1710
https://access.redhat.com/security/cve/CVE-2016-1711
https://access.redhat.com/security/cve/CVE-2016-5127
https://access.redhat.com/security/cve/CVE-2016-5128
https://access.redhat.com/security/cve/CVE-2016-5129
https://access.redhat.com/security/cve/CVE-2016-5130
https://access.redhat.com/security/cve/CVE-2016-5131
https://access.redhat.com/security/cve/CVE-2016-5132
https://access.redhat.com/security/cve/CVE-2016-5133
https://access.redhat.com/security/cve/CVE-2016-5134
https://access.redhat.com/security/cve/CVE-2016-5135
https://access.redhat.com/security/cve/CVE-2016-5136
https://access.redhat.com/security/cve/CVE-2016-5137
https://access.redhat.com/security/updates/classification/#important
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

- Vulnerability information (F138122)

Debian Security Advisory 3637-1 (PacketStormID:F138122)
2016-08-01 00:00:00
Debian  debian.org
advisory,web,vulnerability
linux,debian
CVE-2016-1704,CVE-2016-1705,CVE-2016-1706,CVE-2016-1707,CVE-2016-1708,CVE-2016-1709,CVE-2016-1710,CVE-2016-1711,CVE-2016-5127,CVE-2016-5128,CVE-2016-5129,CVE-2016-5130,CVE-2016-5131,CVE-2016-5132,CVE-2016-5133,CVE-2016-5134,CVE-2016-5135,CVE-2016-5136,CVE-2016-5137

Debian Linux Security Advisory 3637-1 - Several vulnerabilities have been discovered in the chromium web browser.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3637-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
July 31, 2016                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2016-1704 CVE-2016-1705 CVE-2016-1706 CVE-2016-1707
                 CVE-2016-1708 CVE-2016-1709 CVE-2016-1710 CVE-2016-1711
                 CVE-2016-5127 CVE-2016-5128 CVE-2016-5129 CVE-2016-5130
                 CVE-2016-5131 CVE-2016-5132 CVE-2016-5133 CVE-2016-5134
                 CVE-2016-5135 CVE-2016-5136 CVE-2016-5137

Several vulnerabilities have been discovered in the chromium web browser.

CVE-2016-1704

    The chrome development team found and fixed various issues during
    internal auditing.

CVE-2016-1705

    The chrome development team found and fixed various issues during
    internal auditing.

CVE-2016-1706

    Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.

CVE-2016-1707

    xisigr discovered a URL spoofing issue.

CVE-2016-1708

    Adam Varsan discovered a use-after-free issue.

CVE-2016-1709

    ChenQin discovered a buffer overflow issue in the sfntly library.

CVE-2016-1710

    Mariusz Mlynski discovered a same-origin bypass.

CVE-2016-1711

    Mariusz Mlynski discovered another same-origin bypass.

CVE-2016-5127

    cloudfuzzer discovered a use-after-free issue.

CVE-2016-5128

    A same-origin bypass issue was discovered in the v8 javascript library.

CVE-2016-5129

    Jeonghoon Shin discovered a memory corruption issue in the v8 javascript
    library.

CVE-2016-5130

    Widih Matar discovered a URL spoofing issue.

CVE-2016-5131

    Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.

CVE-2016-5132

    Ben Kelly discovered a same-origin bypass.

CVE-2016-5133

    Patch Eudor discovered an issue in proxy authentication.

CVE-2016-5134

    Paul Stone discovered an information leak in the Proxy Auto-Config
    feature.

CVE-2016-5135

    ShenYeYinJiu discovered a way to bypass the Content Security Policy.

CVE-2016-5136

    Rob Wu discovered a use-after-free issue.

CVE-2016-5137

    Xiaoyin Liu discovered a way to discover whether an HSTS web site had been
    visited.

For the stable distribution (jessie), these problems have been fixed in
version 52.0.2743.82-1~deb8u1.

For the testing (stretch) and unstable (sid) distributions, these problems
have been fixed in version 52.0.2743.82-1.

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F138182)

Ubuntu Security Notice USN-3041-1 (PacketStormID:F138182)
2016-08-05 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service,arbitrary
linux,ubuntu
CVE-2016-1705,CVE-2016-1706,CVE-2016-1710,CVE-2016-1711,CVE-2016-5127,CVE-2016-5128,CVE-2016-5129,CVE-2016-5130,CVE-2016-5131,CVE-2016-5132,CVE-2016-5133,CVE-2016-5134,CVE-2016-5135,CVE-2016-5137

Ubuntu Security Notice 3041-1 - Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service or execute arbitrary code. It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. Various other issues were also addressed.

=========================================================================
Ubuntu Security Notice USN-3041-1
August 05, 2016

oxide-qt vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Oxide.

Software Description:
- oxide-qt: Web browser engine for Qt (QML plugin)

Details:

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service (application crash) or execute arbitrary code. (CVE-2016-1705)


It was discovered that the PPAPI implementation does not validate the
origin of IPC messages to the plugin broker process. A remote attacker
could potentially exploit this to bypass sandbox protection mechanisms.
(CVE-2016-1706)

It was discovered that Blink does not prevent window creation by a
deferred frame. A remote attacker could potentially exploit this to bypass
same origin restrictions. (CVE-2016-1710)

It was discovered that Blink does not disable frame navigation during a
detach operation on a DocumentLoader object. A remote attacker could
potentially exploit this to bypass same origin restrictions.
(CVE-2016-1711)

A use-after-free was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer process crash, or execute
arbitrary code. (CVE-2016-5127)

It was discovered that objects.cc in V8 does not prevent API interceptors
from modifying a store target without setting a property. A remote
attacker could potentially exploit this to bypass same origin
restrictions. (CVE-2016-5128)

A memory corruption was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer process crash, or execute
arbitrary code. (CVE-2016-5129)

A security issue was discovered in Chromium. A remote attacker could
potentially exploit this to spoof the currently displayed URL.
(CVE-2016-5130)

A use-after-free was discovered in libxml. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer process crash, or execute
arbitrary code. (CVE-2016-5131)

The Service Workers implementation in Chromium does not properly implement
the Secure Contexts specification during decisions about whether to
control a subframe. A remote attacker could potentially exploit this to
bypass same origin restrictions. (CVE-2016-5132)

It was discovered that Chromium mishandles origin information during proxy
authentication. A man-in-the-middle attacker could potentially exploit this
to spoof a proxy authentication login prompt. (CVE-2016-5133)

It was discovered that the Proxy Auto-Config (PAC) feature in Chromium
does not ensure that URL information is restricted to a scheme, host and
port. A remote attacker could potentially exploit this to obtain sensitive
information. (CVE-2016-5134)

It was discovered that Blink does not consider referrer-policy information
inside an HTML document during a preload request. A remote attacker could
potentially exploit this to bypass Content Security Policy (CSP)
protections. (CVE-2016-5135)

It was discovered that the Content Security Policy (CSP) implementation in
Blink does not apply http :80 policies to https :443 URLs. A remote
attacker could potentially exploit this to determine whether a specific
HSTS web site has been visited by reading a CSP report. (CVE-2016-5137)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  liboxideqtcore0                 1.16.5-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  liboxideqtcore0                 1.16.5-0ubuntu0.14.04.1

In general, a standard system update will make all the necessary changes.


References:
  http://www.ubuntu.com/usn/usn-3041-1
  CVE-2016-1705, CVE-2016-1706, CVE-2016-1710, CVE-2016-1711,
  CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130,
  CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134,
  CVE-2016-5135, CVE-2016-5137

Package Information:
  https://launchpad.net/ubuntu/+source/oxide-qt/1.16.5-0ubuntu0.16.04.1
  https://launchpad.net/ubuntu/+source/oxide-qt/1.16.5-0ubuntu0.14.04.1
About the SCAP Chinese Community

The SCAP Chinese Community is the first open Chinese-language community in China dedicated to SCAP. For more information, see [About this site].

Copyright notice

CVE/CWE/OVAL are registered trademarks of the MITRE Corporation; their official data sources are maintained on the corresponding MITRE websites.