Vulnerability-Lookup

CNVD-2018-24656

Vulnerability from cnvd - Published: 2018-12-06

Title

SolarWinds SFTP不安全密码存储漏洞

Description

SolarWinds SFTP是一款FTP服务程序。 SolarWinds SFTP存在不安全密码存储漏洞。该漏洞是由于配置文件是全局可读和可写的，并以不安全的方式存储用户密码，允许攻击者为潜在特权帐户确定密码。同时也给攻击者提供了后退服务器的能力。

Severity

中

Patch Name

SolarWinds SFTP不安全密码存储漏洞的补丁

Patch Description

SolarWinds SFTP是一款FTP服务程序。 SolarWinds SFTP存在不安全密码存储漏洞。该漏洞是由于配置文件是全局可读和可写的，并以不安全的方式存储用户密码，允许攻击者为潜在特权帐户确定密码。同时也给攻击者提供了后退服务器的能力。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://seclists.org/fulldisclosure/2018/Dec/0

Reference

https://seclists.org/fulldisclosure/2018/Dec/0

Impacted products

Name
SolarWinds SFTP/SCP Server 2018-09-10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16791"
    }
  },
  "description": "SolarWinds SFTP\u662f\u4e00\u6b3eFTP\u670d\u52a1\u7a0b\u5e8f\u3002\n\nSolarWinds SFTP\u5b58\u5728\u4e0d\u5b89\u5168\u5bc6\u7801\u5b58\u50a8\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u914d\u7f6e\u6587\u4ef6\u662f\u5168\u5c40\u53ef\u8bfb\u548c\u53ef\u5199\u7684\uff0c\u5e76\u4ee5\u4e0d\u5b89\u5168\u7684\u65b9\u5f0f\u5b58\u50a8\u7528\u6237\u5bc6\u7801\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4e3a\u6f5c\u5728\u7279\u6743\u5e10\u6237\u786e\u5b9a\u5bc6\u7801\u3002\u540c\u65f6\u4e5f\u7ed9\u653b\u51fb\u8005\u63d0\u4f9b\u4e86\u540e\u9000\u670d\u52a1\u5668\u7684\u80fd\u529b\u3002",
  "discovererName": "Alex Craggs",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://seclists.org/fulldisclosure/2018/Dec/0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24656",
  "openTime": "2018-12-06",
  "patchDescription": "SolarWinds SFTP\u662f\u4e00\u6b3eFTP\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nSolarWinds SFTP\u5b58\u5728\u4e0d\u5b89\u5168\u5bc6\u7801\u5b58\u50a8\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u914d\u7f6e\u6587\u4ef6\u662f\u5168\u5c40\u53ef\u8bfb\u548c\u53ef\u5199\u7684\uff0c\u5e76\u4ee5\u4e0d\u5b89\u5168\u7684\u65b9\u5f0f\u5b58\u50a8\u7528\u6237\u5bc6\u7801\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u4e3a\u6f5c\u5728\u7279\u6743\u5e10\u6237\u786e\u5b9a\u5bc6\u7801\u3002\u540c\u65f6\u4e5f\u7ed9\u653b\u51fb\u8005\u63d0\u4f9b\u4e86\u540e\u9000\u670d\u52a1\u5668\u7684\u80fd\u529b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SolarWinds SFTP\u4e0d\u5b89\u5168\u5bc6\u7801\u5b58\u50a8\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SolarWinds SFTP/SCP Server 2018-09-10"
  },
  "referenceLink": "https://seclists.org/fulldisclosure/2018/Dec/0",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-06",
  "title": "SolarWinds SFTP\u4e0d\u5b89\u5168\u5bc6\u7801\u5b58\u50a8\u6f0f\u6d1e"
}

CVE-2018-16791 (GCVE-0-2018-16791)

Vulnerability from cvelistv5 – Published: 2018-12-05 22:00 – Updated: 2024-08-05 10:32

Summary

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://seclists.org/fulldisclosure/2018/Dec/0	mailing-listx_refsource_FULLDISC

Date Public

2018-12-01 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:53.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20181201 SolarWinds SFTP Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2018/Dec/0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-12-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-05T21:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20181201 SolarWinds SFTP Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2018/Dec/0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20181201 SolarWinds SFTP Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "https://seclists.org/fulldisclosure/2018/Dec/0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16791",
    "datePublished": "2018-12-05T22:00:00.000Z",
    "dateReserved": "2018-09-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:32:53.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-24656

CVE-2018-16791 (GCVE-0-2018-16791)

Tags

Sightings

Nomenclature