Candidate: CVE-2016-8742
PublicDate: 2018-02-12 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8742
 http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E
Description:
 The Windows installer that the Apache CouchDB team provides was vulnerable
 to local privilege escalation. All files in the install inherit the file
 permissions of the parent directory and therefore a non-privileged user can
 substitute any executable for the nssm.exe service launcher, or CouchDB
 batch or binary files. A subsequent service or server restart will then run
 that binary with administrator privilege. This issue affected CouchDB 2.0.0
 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
Ubuntu-Description:
Notes:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_couchedb:
upstream_couchedb: needs-triage
precise/esm_couchedb: DNE
trusty_couchedb: DNE
trusty/esm_couchedb: DNE
xenial_couchedb: DNE
artful_couchedb: DNE
devel_couchedb: DNE