Vulnerability CVE-2017-9270

Vulnerability Name:

CVE-2017-9270 (CCN-139853)

Assigned:

2017-05-31

Published:

2017-05-31

Updated:

2019-10-09

Summary:

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.

CVSS v3 Severity:

9.1 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
7.9 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2017-9270

Source: CCN
Type: Bugzilla Bug 1041963
VUL-0: CVE-2017-9270: cryptctl: post-auth arbitrary file write on cryptctl server

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1041963

Source: XF
Type: UNKNOWN
suse-cve20179270-sec-bypass(139853)

Source: CCN
Type: cryptctl GIT Repository
cryptctl

Source: SUSE
Type: Vendor Advisory
SUSE-SU-2017:1865

Source: CONFIRM
Type: Vendor Advisory
https://www.suse.com/de-de/security/cve/CVE-2017-9270/

Vulnerable Configuration:

Configuration 1:

cpe:/a:opensuse:cryptctl:2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20179270	V	CVE-2017-9270	2022-05-20
oval:org.opensuse.security:def:15837	P	libqt4-devel-4.8.6-4.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15668	P	libvirt-devel-1.2.5-13.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15864	P	libzip-devel-0.11.1-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15789	P	libapr1-1.5.1-2.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15477	P	perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16525	P	libjasper-devel-1.900.14-195.8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15573	P	gc-devel-7.2d-3.77 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15469	P	pam-modules-12.1-23.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15644	P	libpacemaker-devel-1.1.12-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15848	P	libssh-devel-0.6.3-8.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15762	P	icecream-1.0.1-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16502	P	libcurl-devel-7.60.0-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15503	P	squashfs-4.3-6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15624	P	libgnutls-devel-3.2.15-1.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:39188	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:39428	P	Security update for python-urllib3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:39883	P	Security update for dovecot22 (Moderate)	2020-12-01
oval:org.opensuse.security:def:39576	P	Security update for X Window System client libraries (Moderate)	2020-12-01
oval:org.opensuse.security:def:39956	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:39795	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:39104	P	libiso9660-8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40636	P	Security update for cryptctl (Important)	2020-12-01
oval:org.opensuse.security:def:39325	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:39092	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:39844	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:39486	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:39911	P	Security update for tomcat (Moderate)	2020-12-01
oval:org.opensuse.security:def:39736	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:39093	P	lhasa on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:40594	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP1) (Important)	2020-12-01

BACK