CVE-2017-12189

jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

Se ha descubierto que el script init jboss, tal y como se usa en Red Hat JBoss Enterprise Application Platform 7.0.7.GA, gestionaba archivos de manera no segura, lo que podría resultar en un escalado de privilegios local. Este problema es el resultado de una solución incompleta para CVE-2016-8656.

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-01 CVE Reserved
2018-01-03 CVE Published
2024-08-05 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-282: Improper Ownership Management

CAPEC

References (8)

URL	Tag	Source
http://www.securityfocus.com/bid/102407	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2018:0002	2019-10-09
https://access.redhat.com/errata/RHSA-2018:0003	2019-10-09
https://access.redhat.com/errata/RHSA-2018:0004	2019-10-09
https://access.redhat.com/errata/RHSA-2018:0005	2019-10-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2017-12189	2018-01-03
https://bugzilla.redhat.com/show_bug.cgi?id=1499631	2018-01-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"				7.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected