Bug #9783

Bug #9781: netatalk: Unauthenticated remote code execution (CVE-2018-1160)

[3.8] netatalk: Unauthenticated remote code execution (CVE-2018-1160)

Added by Alicha CH 6 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 12/24/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs: CVE-2018-1160

Description

Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c. This is due to a lack of bounds checking on attacker-controlled data.
A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

References:

http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1160

Patch:

https://github.com/Netatalk/Netatalk/commit/750f9b55844b444b8ff1a38206fd2bdbab85c21f

Associated revisions

Revision f6b482c9 (diff)
Added by Leonardo Arena 5 months ago

community/netatalk: security upgrade to 3.1.12 (CVE-2018-1160)

Fixes #9783

History

#1 Updated by Anonymous 5 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 4 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
