← Back to CVEs
CVE-2016-8742
N/ADescription
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
CVE Details
CVSS v3.1 ScoreN/A
Published2/12/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
apache:couchdbmicrosoft:windows
Weaknesses (CWE)
CWE-264
References
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E(security@apache.org)
http://www.securityfocus.com/bid/94766(security@apache.org)
https://www.exploit-db.com/exploits/40865/(security@apache.org)
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/94766(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40865/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.