netatalk.io

Netatalk Security Advisory

Subject
Unauthenticated remote code execution
CVE ID
CVE-2018-1160
Date of Publishing
2018/12/13 advisory published retroactively; date is approximate
Affected Netatalk Versions
3.0.0 - 3.1.11
1.5.0 - 2.2.6
Summary
Unauthenticated user can cause arbitrary code execution with root privileges

Description

Due to a missing bounds check in the handling of the DSI Opensession command, an unauthenticated user can overwrite memory with data of their choice which can ultimately lead to arbitrary code execution with root privileges.

Patch Availability

Apply the patches with git hashes 6725632 and b6895be to hotfix your local Netatalk deployment.

Additionally, Netatalk 3.1.12 and 2.2.7 have been released which contains the security patch. Netatalk administrators are advised to upgrade to this version or apply the patch as soon as possible.

CVSS Calculation

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)

Workaround

None.

Credits

Vulnerability found and reported by:
Jacob Baines from Tenable
Patch developed by:
Ralph Boehme of the Netatalk and Samba teams

Go back to Support