CVE-2018-1036
CVSS 6.9
Published: 2018-06-14 08:29:00
Last modified: 2018-06-18 09:23:12

[Original] An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

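- CVSS (Base Score)

CVSS score: 6.9 [MEDIUM]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]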

- CWE (Weakness Category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (Affected Platforms and Products)

cpe:/o:microsoft:windows_10:-
cpe:/o:microsoft:windows_10:1607
cpe:/o:microsoft:windows_10:1703
cpe:/o:microsoft:windows_10:1709
cpe:/o:microsoft:windows_10:1803
cpe:/o:microsoft:windows_7:-:sp1
cpe:/o:microsoft:windows_8.1:-
cpe:/o:microsoft:windows_rt_8.1:-
cpe:/o:microsoft:windows_server_2008:-:sp2 (Microsoft Windows Server 2008 Service Pack 2)
cpe:/o:microsoft:windows_server_2008:-:sp2:~~itanium~~~
cpe:/o:microsoft:windows_server_2008:r2:sp1 (Microsoft Windows Server 2008 R2 Service Pack 1)
cpe:/o:microsoft:windows_server_2008:r2:sp1:~~itanium~~~
cpe:/o:microsoft:windows_server_2012:- (Microsoft Windows Server 2012)
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_server_2016:-
cpe:/o:microsoft:windows_server_2016:1709
cpe:/o:microsoft:windows_server_2016:1803

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1036
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1036
(Official data source) NVD

- Other Links and Resources

http://www.securityfocus.com/bid/104360
(VENDOR_ADVISORY)  BID  104360
http://www.securitytracker.com/id/1041111
(VENDOR_ADVISORY)  SECTRACK  1041111
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1036
(VENDOR_ADVISORY)  CONFIRM  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1036

- Vulnerability Information (F147372)

October CMS User 1.4.5 Cross Site Scripting (PacketStormID:F147372)
2018-04-26 00:00:00
0xB9  
exploit,xss
CVE-2018-10366

October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting
# Date: 2018-04-03
# Author: 0xB9
# Software Link: https://octobercms.com/plugin/rainlab-user
# Version: 1.4.5
# Tested on: Ubuntu 17.10
# CVE: CVE-2018-10366
 
#1. Description:
Front-end user management for October CMS. Allows visitors to create a website.
 
#2. Proof of Concept:
 
Persistent XSS
- Go to the account page localhost/OctoberCMS/account/
- Register & enter the following for your full name <p """><SCRIPT>alert("XSS")</SCRIPT>">
- You will be alerted every time you visit the account page localhost/OctoberCMS/account/
 
#3. Solution:
Update to 1.4.6


    

- Vulnerability Information (F148192)

Ubuntu Security Notice USN-3686-1 (PacketStormID:F148192)
2018-06-14 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary
linux,ubuntu
CVE-2014-9620,CVE-2014-9621,CVE-2014-9653,CVE-2015-8865,CVE-2018-10360

Ubuntu Security Notice 3686-1 - Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3686-1
June 14, 2018

file vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in file.

Software Description:
- file: Tool to determine file types

Details:

Alexander Cherepanov discovered that file incorrectly handled a large
number of notes. An attacker could use this issue to cause a denial of
service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)

Alexander Cherepanov discovered that file incorrectly handled certain long
strings. An attacker could use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)

Alexander Cherepanov discovered that file incorrectly handled certain
malformed ELF files. An attacker could use this issue to cause a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS. (CVE-2014-9653)

It was discovered that file incorrectly handled certain magic files. An
attacker could use this issue with a specially crafted magic file to cause
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-8865)

It was discovered that file incorrectly handled certain malformed ELF
files. An attacker could use this issue to cause a denial of service.
(CVE-2018-10360)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  file                            1:5.32-2ubuntu0.1
  libmagic1                       1:5.32-2ubuntu0.1

Ubuntu 17.10:
  file                            1:5.32-1ubuntu0.1
  libmagic1                       1:5.32-1ubuntu0.1

Ubuntu 16.04 LTS:
  file                            1:5.25-2ubuntu1.1
  libmagic1                       1:5.25-2ubuntu1.1

Ubuntu 14.04 LTS:
  file                            1:5.14-2ubuntu3.4
  libmagic1                       1:5.14-2ubuntu3.4

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3686-1
  CVE-2014-9620, CVE-2014-9621, CVE-2014-9653, CVE-2015-8865,
  CVE-2018-10360

Package Information:
  https://launchpad.net/ubuntu/+source/file/1:5.32-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/file/1:5.32-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/file/1:5.25-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/file/1:5.14-2ubuntu3.4

    

- Vulnerability Information (F148285)

Gentoo Linux Security Advisory 201806-08 (PacketStormID:F148285)
2018-06-23 00:00:00
Gentoo  security.gentoo.org
advisory,denial of service
linux,gentoo
CVE-2018-10360

Gentoo Linux Security Advisory 201806-8 - A vulnerability in file could lead to a Denial of Service condition. Versions less than 5.33-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201806-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: file: Denial of service
     Date: June 23, 2018
     Bugs: #657930
       ID: 201806-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in file could lead to a Denial of Service condition.

Background
==========

file is a utility that guesses a file format by scanning binary data
for patterns.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-apps/file               < 5.33-r2                 >= 5.33-r2 

Description
===========

File does not properly utilize the do_core_note function in readelf.c
in libmagic.a.

Impact
======

A remote attacker could send a specially crafted ELF file possibly
resulting in a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All file users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/file-5.33-r2"

References
==========

[ 1 ] CVE-2018-10360
      https://nvd.nist.gov/vuln/detail/CVE-2018-10360

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201806-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
    

- Vulnerability Information (F148367)

Ubuntu Security Notice USN-3686-2 (PacketStormID:F148367)
2018-06-29 00:00:00
Ubuntu  security.ubuntu.com
advisory,denial of service,arbitrary
linux,ubuntu
CVE-2015-8865,CVE-2018-10360

Ubuntu Security Notice 3686-2 - USN-3686-1 fixed a vulnerability in file. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3686-2
June 28, 2018

file vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in file.

Software Description:
- file: Tool to determine file types

Details:

USN-3686-1 fixed a vulnerability in file. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that file incorrectly handled certain magic files.
 An attacker could use this issue with a specially crafted magic file
 to cause a denial of service, or possibly execute arbitrary code.
 (CVE-2015-8865)

 It was discovered that file incorrectly handled certain malformed ELF
 files. An attacker could use this issue to cause a denial of service.
 (CVE-2018-10360)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  file                            5.09-2ubuntu0.7
  libmagic1                       5.09-2ubuntu0.7

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3686-2
  https://usn.ubuntu.com/usn/usn-3686-1
  CVE-2015-8865, CVE-2018-10360
    

- Vulnerability Information

Microsoft Windows NTFS CVE-2018-1036 Local Privilege Escalation Vulnerability
Class: Unknown
Bugtraq ID: 104360
Remote: No
Local: Yes
Published: 2018-06-12 12:00:00
Updated: 2018-06-12 12:00:00
Credit: René Freingruber (@ReneFreingruber), SEC Consult (@sec_consult).

- Affected Software Versions

Microsoft Windows Server 2016 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for 64-bit Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 Version 1803 for x64-based Systems 0
Microsoft Windows 10 Version 1803 for 32-bit Systems 0
Microsoft Windows 10 version 1709 for x64-based Systems 0
Microsoft Windows 10 version 1709 for 32-bit Systems 0
Microsoft Windows 10 version 1703 for x64-based Systems 0
Microsoft Windows 10 version 1703 for 32-bit Systems 0
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0

- Discussion

Microsoft Windows is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
