SB2018010917 - Multiple vulnerabilities in CPP and Parity Ethereum
Published: January 9, 2018 Updated: January 12, 2018
Security Bulletin ID
SB2018010917
Severity
Medium
Patch available
NO
Number of vulnerabilities
10
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Improper authorization (CVE-ID: CVE-2017-12112)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in admin_addPeer API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
2) Improper authorization (CVE-ID: CVE-2017-12113)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
3) Improper authorization (CVE-ID: CVE-2017-12114)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in admin_peers API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
4) Improper authorization (CVE-ID: CVE-2017-12115)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
5) Improper authorization (CVE-ID: CVE-2017-12116)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
6) Improper authorization (CVE-ID: CVE-2017-12117)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in miner_start API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
7) Improper authorization (CVE-ID: CVE-2017-12118)
The vulnerability allows a remote attacker to bypass authorization on the target system.The weakness exists in miner_stop API of cpp-ethereum's JSON-RPC due to improper authorization. A remote attacker can make a specially crafted JSON request, gain access to the restricted functionality and bypass authorization.
8) Denial of service (CVE-ID: CVE-2017-12119)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in multiple APIs of CPP-Ethereum's JSON-RPC due to an insufficient validation of user-supplied input. A remote attacker can make a specially crafted JSON request, trigger a unhandled exception and cause the application to crash.
9) Out-of-bounds read (CVE-ID: CVE-2017-14457)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.The weakness exists due to an insufficient validation of user-supplied input. A remote attacker can create and send a specially crafted smart contract containing malicious code, trigger an out-of-bounds read and gain access to arbitrary data or cause the application to crash.
10) Privilege escalation (CVE-ID: CVE-2017-14460)
The vulnerability allows a remote attacker to gain elevated privileges on the target system.The weakness exists due to an insufficient validation of user-supplied input. A remote attacker can send JSON object to JSON-RPC endpoint, trick the victim into visiting a specially crafted website, trigger overly permissive cross-domain (CORS) whitelist vulnerability in JSON-RPC and gain elevated privileges to perform further attacks.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0464
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0465
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0467
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0469
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0470
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0471
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508