Bug #9781

netatalk: Unauthenticated remote code execution (CVE-2018-1160)

Added by Alicha CH 5 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date: 12/24/2018
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs: CVE-2018-1160

Description

Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c. This is due to a lack of bounds checking on attacker-controlled data.
A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

References:

http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1160

Patch:

https://github.com/Netatalk/Netatalk/commit/750f9b55844b444b8ff1a38206fd2bdbab85c21f


Subtasks

Bug #9782: [3.9] netatalk: Unauthenticated remote code execution (CVE-2018-1160) - Closed

Bug #9783: [3.8] netatalk: Unauthenticated remote code execution (CVE-2018-1160) - Closed

Associated revisions

Revision 5651f47d (diff)
Added by Roberto Oliveira 4 months ago

community/netatalk: security upgrade to 3.1.12 (CVE-2018-1160)

Fixes #9781

History

#1 Updated by Roberto Oliveira 4 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Roberto Oliveira 4 months ago

  • Status changed from Resolved to New

#3 Updated by Leonardo Arena 4 months ago

  • Status changed from New to Resolved

#4 Updated by Alicha CH 3 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
