Permalink
CVE-2018-1160
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse dismissed
Netatalk before 3.1.12 is vulnerable to an out of bounds …
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
References
- https://www.tenable.com/security/research/tra-2018-48 x_refsource_MISC
- DSA-4356 vendor-advisory x_refsource_DEBIAN
- 46675 x_refsource_EXPLOIT-DB exploit
- http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_refsource_MISC
- http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_refsource_CONFIRM
- https://attachments.samba.org/attachment.cgi?id=14735 x_refsource_MISC
- 106301 vdb-entry x_refsource_BID
- 46034 x_refsource_EXPLOIT-DB exploit
- https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_refsource_MISC
- 46048 x_refsource_EXPLOIT-DB exploit
- https://www.synology.com/security/advisory/Synology_SA_18_62 x_refsource_CONFIRM
- http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_transferred x_refsource_CONFIRM
- https://attachments.samba.org/attachment.cgi?id=14735 x_transferred x_refsource_MISC
- 106301 x_transferred vdb-entry x_refsource_BID
- 46034 x_refsource_EXPLOIT-DB x_transferred exploit
- https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_transferred x_refsource_MISC
- 46048 x_refsource_EXPLOIT-DB x_transferred exploit
- https://www.synology.com/security/advisory/Synology_SA_18_62 x_transferred x_refsource_CONFIRM
- https://www.tenable.com/security/research/tra-2018-48 x_transferred x_refsource_MISC
- DSA-4356 vendor-advisory x_refsource_DEBIAN x_transferred
- 46675 x_refsource_EXPLOIT-DB x_transferred exploit
- http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_transferred x_refsource_MISC
- 46048 x_refsource_EXPLOIT-DB exploit
- https://www.synology.com/security/advisory/Synology_SA_18_62 x_refsource_CONFIRM
- https://www.tenable.com/security/research/tra-2018-48 x_refsource_MISC
- DSA-4356 vendor-advisory x_refsource_DEBIAN
- 46675 x_refsource_EXPLOIT-DB exploit
- http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_refsource_MISC
- http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_refsource_CONFIRM
- https://attachments.samba.org/attachment.cgi?id=14735 x_refsource_MISC
- 106301 vdb-entry x_refsource_BID
- 46034 x_refsource_EXPLOIT-DB exploit
- https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_refsource_MISC
- http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_transferred x_refsource_CONFIRM
- https://attachments.samba.org/attachment.cgi?id=14735 x_transferred x_refsource_MISC
- 106301 x_transferred vdb-entry x_refsource_BID
- 46034 x_refsource_EXPLOIT-DB x_transferred exploit
- https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_transferred x_refsource_MISC
- 46048 x_refsource_EXPLOIT-DB x_transferred exploit
- https://www.synology.com/security/advisory/Synology_SA_18_62 x_transferred x_refsource_CONFIRM
- https://www.tenable.com/security/research/tra-2018-48 x_transferred x_refsource_MISC
- DSA-4356 vendor-advisory x_refsource_DEBIAN x_transferred
- 46675 x_refsource_EXPLOIT-DB x_transferred exploit
- http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_transferred x_refsource_MISC
- DSA-4356 vendor-advisory x_refsource_DEBIAN
- 46675 x_refsource_EXPLOIT-DB exploit
- http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_refsource_MISC
- http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_refsource_CONFIRM
- https://attachments.samba.org/attachment.cgi?id=14735 x_refsource_MISC
- 106301 vdb-entry x_refsource_BID
- 46034 x_refsource_EXPLOIT-DB exploit
- https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_refsource_MISC
- 46048 x_refsource_EXPLOIT-DB exploit
- https://www.synology.com/security/advisory/Synology_SA_18_62 x_refsource_CONFIRM
- https://www.tenable.com/security/research/tra-2018-48 x_refsource_MISC
- http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html x_transferred x_refsource_CONFIRM
- https://attachments.samba.org/attachment.cgi?id=14735 x_transferred x_refsource_MISC
- 106301 x_transferred vdb-entry x_refsource_BID
- 46034 x_refsource_EXPLOIT-DB x_transferred exploit
- https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ x_transferred x_refsource_MISC
- 46048 x_refsource_EXPLOIT-DB x_transferred exploit
- https://www.synology.com/security/advisory/Synology_SA_18_62 x_transferred x_refsource_CONFIRM
- https://www.tenable.com/security/research/tra-2018-48 x_transferred x_refsource_MISC
- DSA-4356 vendor-advisory x_refsource_DEBIAN x_transferred
- 46675 x_refsource_EXPLOIT-DB x_transferred exploit
- http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass… x_transferred x_refsource_MISC
Affected products
Netatalk
- ==Before 3.1.12
Package maintainers
-
@jcumming Jack Cummings <jack@mudshark.org>