CVE-2017-11610 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in Supervisor, affecting versions from 3.0a1 up to and including 3.3.2 (fixed in 3.0.1, 3.1.4, 3.2.4 and 3.3.3).
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
Supervisor is a popular process control system for Unix-like environments. It starts, stops, restarts and monitors the processes it manages, and exposes that control through the supervisorctl command, a web interface and an XML-RPC API, so system administrators can manage many services from one place.
CVE-2017-11610 affects Supervisor versions before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3. The flaw is in the XML-RPC server: when dispatching a call it resolved the dotted methodName by walking the segments attribute by attribute from the registered namespace objects (nested supervisord namespace lookups) instead of restricting a call to a registered namespace and one of its public methods. A remote user who can reach the XML-RPC endpoint can therefore name an attribute path that ends in a Python function running a shell command and have supervisord execute it from a crafted request. The command runs as the user supervisord runs as, which is frequently root. The CVE describes the attacker as authenticated, but the username and password of the [inet_http_server] section are optional in the supervisord configuration, so an instance exposed on the network without them is exploitable without any credentials. The fixed releases reject any method name that is not exactly <namespace>.<method> for a registered namespace.
Exploitation gives the attacker arbitrary command execution on the host with the privileges of the supervisord process, so it compromises the confidentiality, integrity and availability of that system at once: configuration files, credentials and application data readable by that user can be exfiltrated, managed services can be stopped or tampered with, and the host can be used as a foothold for persistence, lateral movement, malware staging or participation in denial-of-service attacks. Because supervisord is often used on application and build servers, the business impact can extend well beyond the single machine.
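As an added example (not code from s4e.io, the scanner, or the Supervisor project), the following Python script shows the two checks a practitioner wants around this vulnerability: a version triage against the fixed releases named above, driven by the documented supervisor.getSupervisorVersion XML-RPC method, and a method-name classifier that flags the nested-lookup pattern the 3.3.3 fix rejects, run over constructed XML-RPC request bodies as a detection rule would. The KNOWN_NAMESPACES set, the sample requests and the fake response are assumptions made for the example.

```python
"""CVE-2017-11610 helpers: version triage and XML-RPC method-name checks.

Added example for this page; it is not code from s4e.io, the scanner, or the
Supervisor project.  Sample requests below are constructed, not captured.
"""
import re
import xmlrpc.client

# First fixed release of each affected series, as stated in the CVE text.
FIXED_IN = {(3, 0): (3, 0, 1), (3, 1): (3, 1, 4), (3, 2): (3, 2, 4), (3, 3): (3, 3, 3)}

# Accepts "3.0a1", "3.0b2", "3.0rc1", "3.3.2", "4.2.5"; anything else is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2, None: 3}  # a < b < rc < final release


def parse_version(text):
    """Turn a Supervisor version string into a tuple that sorts correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Supervisor version: %r" % text)
    major, minor, patch, pre, pre_num = m.groups()
    return (int(major), int(minor), int(patch or 0), _PRE_RANK[pre], int(pre_num or 0))


def is_vulnerable(version_text):
    """True when the reported version is inside the CVE-2017-11610 ranges."""
    v = parse_version(version_text)
    fixed = FIXED_IN.get(v[:2])
    if fixed is not None:
        return v < fixed + (3, 0)          # older than that series' fix
    return v < (3, 0, 1, 3, 0)             # CVE wording: anything "before 3.0.1"


def version_probe_request():
    """Body a scanner sends: the documented supervisor.getSupervisorVersion call."""
    return xmlrpc.client.dumps((), methodname="supervisor.getSupervisorVersion")


def fake_version_response(version):
    """Constructed methodResponse, shaped like supervisord's answer to the probe."""
    return xmlrpc.client.dumps((version,), methodresponse=True)


def version_from_response(body):
    """Extract the version string from the XML-RPC methodResponse."""
    params, _ = xmlrpc.client.loads(body)
    return params[0]


# The 3.3.3 fix only dispatches "<namespace>.<method>" for a registered namespace
# and a method not starting with "_"; the vulnerable traverse() walked every
# dotted segment with getattr().  Assumed namespace set: the two Supervisor ships.
KNOWN_NAMESPACES = {"supervisor", "system"}


def classify_method_name(name):
    """'ok' for a normal call, 'nested-lookup' for the CVE pattern, else 'rejected'."""
    parts = name.split(".")
    if len(parts) > 2:
        return "nested-lookup"
    if len(parts) != 2:
        return "rejected"
    namespace, method = parts
    if namespace not in KNOWN_NAMESPACES or not method or method.startswith("_"):
        return "rejected"
    return "ok"


def scan_request_bodies(bodies):
    """Map each XML-RPC methodCall body to (methodName, verdict) for a detection rule."""
    findings = []
    for body in bodies:
        _, method = xmlrpc.client.loads(body)
        findings.append((method, classify_method_name(method)))
    return findings


# Constructed sample traffic: a benign version probe, a benign listing call, and
# the attribute-walk method name documented in the referenced public exploit.
SAMPLE_REQUESTS = [
    version_probe_request(),
    xmlrpc.client.dumps((), methodname="system.listMethods"),
    xmlrpc.client.dumps(
        ("id",),
        methodname="supervisor.supervisord.options.warnings.linecache.os.system",
    ),
]

if __name__ == "__main__":
    # Offline walk-through on a constructed response; against a live host the
    # same probe is ServerProxy("http://host:9001/RPC2").supervisor.getSupervisorVersion().
    version = version_from_response(fake_version_response("3.3.2"))
    print(version, "vulnerable" if is_vulnerable(version) else "fixed")
    for method, verdict in scan_request_bodies(SAMPLE_REQUESTS):
        print(verdict, method)
```

To check a real instance, point xmlrpc.client.ServerProxy at the supervisord HTTP endpoint (the default example configuration listens on port 9001 and serves XML-RPC at /RPC2; credentials, when configured, can be given as http://user:pass@host:9001/RPC2) and feed the returned version string to is_vulnerable. The classifier is deliberately strict: anything other than a registered namespace plus one public method name is what the patched traverse() refuses, so an alert on "nested-lookup" in request logs is a direct signal of an exploitation attempt rather than a heuristic.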
Thanks to the pro features of the s4e.io platform, readers can easily and quickly learn about vulnerabilities in their digital assets and take appropriate actions to secure their systems. The platform provides proactive security assessments, automatic vulnerability scanning, and threat intelligence feeds to help organizations stay ahead of the latest cyber threats. With its user-friendly interface and powerful features, the platform is a must-have tool for any organization that takes security seriously.
REFERENCES
- http://www.debian.org/security/2017/dsa-3942
- https://access.redhat.com/errata/RHSA-2017:3005
- https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt
- https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt
- https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt
- https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt
- https://github.com/Supervisor/supervisor/issues/964
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/
- https://security.gentoo.org/glsa/201709-06
- https://www.exploit-db.com/exploits/42779/