cnvd - cnvd-2018-09648

CNVD-2018-09648

Vulnerability from cnvd - Published: 2018-05-17

Title

7-Zip访问限制绕过漏洞

Description

7-Zip for Windows是一套基于Windows平台的免费的、开源的压缩/解压缩软件。基于Windows平台的7-Zip 18.01及之前版本中存在安全漏洞，该漏洞源于程序通过调用‘LsaAddAccountRights’函数实现‘较大内存页面’选项，来向用户账户添加SeLockMemoryPrivilege权限。攻击者可通过使用SeLockMemoryPrivilege权限利用该漏洞绕过访问限制。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.7-zip.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-10172

Impacted products

Name
7-Zip 7-Zip <=18.01

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10172"
    }
  },
  "description": "7-Zip for Windows\u662f\u4e00\u5957\u57fa\u4e8eWindows\u5e73\u53f0\u7684\u514d\u8d39\u7684\u3001\u5f00\u6e90\u7684\u538b\u7f29/\u89e3\u538b\u7f29\u8f6f\u4ef6\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u76847-Zip 18.01\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u901a\u8fc7\u8c03\u7528\u2018LsaAddAccountRights\u2019\u51fd\u6570\u5b9e\u73b0\u2018\u8f83\u5927\u5185\u5b58\u9875\u9762\u2019\u9009\u9879\uff0c\u6765\u5411\u7528\u6237\u8d26\u6237\u6dfb\u52a0SeLockMemoryPrivilege\u6743\u9650\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528SeLockMemoryPrivilege\u6743\u9650\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002",
  "discovererName": "Igor Pavlov",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.7-zip.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09648",
  "openTime": "2018-05-17",
  "products": {
    "product": "7-Zip 7-Zip \u003c=18.01"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-10172",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-17",
  "title": "7-Zip\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2018-10172 (GCVE-0-2018-10172)

Vulnerability from cvelistv5 – Published: 2018-04-16 22:00 – Updated: 2024-08-05 07:32

Summary

7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://sourceforge.net/p/sevenzip/discussion/457…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25\u0026page=1#b240"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "7-Zip through 18.01 on Windows implements the \"Large memory pages\" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user\u0027s account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-08T21:31:51.548670",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25\u0026page=1#b240"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10172",
    "datePublished": "2018-04-16T22:00:00",
    "dateReserved": "2018-04-16T00:00:00",
    "dateUpdated": "2024-08-05T07:32:01.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-09648

CVE-2018-10172 (GCVE-0-2018-10172)

Tags

Sightings

Nomenclature