CVE-2016-8742— Apache CouchDB for Windows Windows installer 权限许可和访问控制漏洞

N/A

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.

N/A

N/A

Apache CouchDB for Windows Windows installer 权限许可和访问控制漏洞

Apache CouchDB for Windows是美国阿帕奇（Apache）软件基金会的一个基于Windows平台的免费、开源、面向文档的数据库，是一个使用JSON作为存储格式，JavaScript作为查询语言，MapReduce和HTTP作为API的NoSQL数据库。Windows installer是其中的一个安装程序。 基于Windows平台的Apache CouchDB 2.0.0版本中的Windows installer存在本地提权漏洞。攻击者可利用该漏洞提交可执行文件、CouchDB批处理

N/A

N/A