cnvd - cnvd-2018-02570

CNVD-2018-02570

Vulnerability from cnvd - Published: 2018-02-01

Title

Electric Sheep Fencing pfsense点击劫持漏洞

Description

Electric Sheep Fencing pfsense是美国Electric Sheep Fencing公司的一套免费开源的基于FreeBSD的防火墙和路由器软件。 Electric Sheep Fencing pfSense 2.4.1及之前的版本中存在点击劫持漏洞。攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

Electric Sheep Fencing pfsense点击劫持漏洞的补丁

Patch Description

Electric Sheep Fencing pfsense是美国Electric Sheep Fencing公司的一套免费开源的基于FreeBSD的防火墙和路由器软件。 Electric Sheep Fencing pfSense 2.4.1及之前的版本中存在点击劫持漏洞。攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： http://www.openwall.com/lists/oss-security/2017/11/22/7

Reference

http://www.openwall.com/lists/oss-security/2017/11/22/7

Impacted products

Name
Electric Sheep Fencing LLC. pfSense <=2.4.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-1000479"
    }
  },
  "description": "Electric Sheep Fencing pfsense\u662f\u7f8e\u56fdElectric Sheep Fencing\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u57fa\u4e8eFreeBSD\u7684\u9632\u706b\u5899\u548c\u8def\u7531\u5668\u8f6f\u4ef6\u3002\r\n\r\nElectric Sheep Fencing pfSense 2.4.1\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.openwall.com/lists/oss-security/2017/11/22/7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02570",
  "openTime": "2018-02-01",
  "patchDescription": "Electric Sheep Fencing pfsense\u662f\u7f8e\u56fdElectric Sheep Fencing\u516c\u53f8\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u57fa\u4e8eFreeBSD\u7684\u9632\u706b\u5899\u548c\u8def\u7531\u5668\u8f6f\u4ef6\u3002\r\n\r\nElectric Sheep Fencing pfSense 2.4.1\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Electric Sheep Fencing pfsense\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Electric Sheep Fencing LLC. pfSense \u003c=2.4.1"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2017/11/22/7",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-04",
  "title": "Electric Sheep Fencing pfsense\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e"
}

CVE-2017-1000479 (GCVE-0-2017-1000479)

Vulnerability from cvelistv5 – Published: 2018-01-03 18:00 – Updated: 2024-08-05 22:00

Summary

pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://doc.pfsense.org/index.php/2.4.2_New_Featu…	x_refsource_MISC
	https://www.netgate.com/blog/pfsense-2-4-2-releas…	x_refsource_MISC
	https://github.com/opnsense/core/commit/d218b225	x_refsource_MISC
	https://www.securify.nl/en/advisory/SFY20171101/c…	x_refsource_MISC
	https://github.com/pfsense/pfsense/commit/386d89b07	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2017/11/22/7	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:41.563Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/opnsense/core/commit/d218b225"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pfsense/pfsense/commit/386d89b07"
          },
          {
            "name": "[oss-security] 20171122 Clickjacking vulnerability in CSRF error page pfSense",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/11/22/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-12-29T00:00:00",
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under \"possibly insecure\" suspicions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/opnsense/core/commit/d218b225"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pfsense/pfsense/commit/386d89b07"
        },
        {
          "name": "[oss-security] 20171122 Clickjacking vulnerability in CSRF error page pfSense",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/11/22/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-12-29",
          "ID": "CVE-2017-1000479",
          "REQUESTER": "franco@opnsense.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under \"possibly insecure\" suspicions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes",
              "refsource": "MISC",
              "url": "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes"
            },
            {
              "name": "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html",
              "refsource": "MISC",
              "url": "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html"
            },
            {
              "name": "https://github.com/opnsense/core/commit/d218b225",
              "refsource": "MISC",
              "url": "https://github.com/opnsense/core/commit/d218b225"
            },
            {
              "name": "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html",
              "refsource": "MISC",
              "url": "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html"
            },
            {
              "name": "https://github.com/pfsense/pfsense/commit/386d89b07",
              "refsource": "MISC",
              "url": "https://github.com/pfsense/pfsense/commit/386d89b07"
            },
            {
              "name": "[oss-security] 20171122 Clickjacking vulnerability in CSRF error page pfSense",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/11/22/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000479",
    "datePublished": "2018-01-03T18:00:00",
    "dateReserved": "2018-01-03T00:00:00",
    "dateUpdated": "2024-08-05T22:00:41.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-02570

CVE-2017-1000479 (GCVE-0-2017-1000479)

Tags

Sightings

Nomenclature