CVE-2017-17562 — HIGH (8.1)

Q: How severe is CVE-2017-17562?

CVE-2017-17562 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-17562?

Check the references section above for vendor advisories and patch information. Affected products include: Embedthis Goahead, Oracle Integrated Lights Out Manager.

Vulnerability Description

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Embedthis	Goahead	< 3.6.5
Oracle	Integrated Lights Out Manager	3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatchThird Party Advisory
http://www.securitytracker.com/id/1040702Broken LinkThird Party AdvisoryVDB Entry
https://github.com/elttam/advisories/tree/master/CVE-2017-17562Broken LinkThird Party Advisory
https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7cBroken LinkPatchThird Party Advisory
https://github.com/embedthis/goahead/issues/249Broken LinkIssue TrackingThird Party Advisory
https://www.elttam.com.au/blog/goahead/Broken LinkExploitPatch
https://www.exploit-db.com/exploits/43360/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/43877/ExploitThird Party AdvisoryVDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatchThird Party Advisory
http://www.securitytracker.com/id/1040702Broken LinkThird Party AdvisoryVDB Entry
https://github.com/elttam/advisories/tree/master/CVE-2017-17562Broken LinkThird Party Advisory
https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7cBroken LinkPatchThird Party Advisory
https://github.com/embedthis/goahead/issues/249Broken LinkIssue TrackingThird Party Advisory
https://www.elttam.com.au/blog/goahead/Broken LinkExploitPatch
https://www.exploit-db.com/exploits/43360/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-17562?

CVE-2017-17562 is a vulnerability with a CVSS score of 8.1 (HIGH). Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untr...

How severe is CVE-2017-17562?

CVE-2017-17562 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17562?

Check the references section above for vendor advisories and patch information. Affected products include: Embedthis Goahead, Oracle Integrated Lights Out Manager.