Netatalk Security Advisory
- Subject
- Unauthenticated remote code execution
- CVE ID
- CVE-2018-1160
- Date of Publishing
- 2018/12/13 advisory published retroactively; date is approximate
- Affected Netatalk Versions
- 3.0.0 - 3.1.11
- 1.5.0 - 2.2.6
- Summary
- Unauthenticated user can cause arbitrary code execution with root privileges
Description
Due to a missing bounds check in the handling of the DSI Opensession command, an unauthenticated user can overwrite memory with data of their choice which can ultimately lead to arbitrary code execution with root privileges.
Patch Availability
Apply the patches with git hashes 6725632 and b6895be to hotfix your local Netatalk deployment.
Additionally, Netatalk 3.1.12 and 2.2.7 have been released which contains the security patch. Netatalk administrators are advised to upgrade to this version or apply the patch as soon as possible.
CVSS Calculation
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
Workaround
None.
Credits
- Vulnerability found and reported by:
- Jacob Baines from Tenable
- Patch developed by:
- Ralph Boehme of the Netatalk and Samba teams
