ID

VAR-201812-0337


CVE

CVE-2018-1160


TITLE

Netatalk Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2018-014397

DESCRIPTION

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. Netatalk Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Netatalk is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. Versions prior to Netatalk 3.1.12 are vulnerable. Netatalk is a server for providing Appletalk network protocol services on the Linux platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] netatalk (SSA:2018-355-01) New netatalk packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/netatalk-3.1.12-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/netatalk-3.1.12-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/netatalk-3.1.12-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/netatalk-3.1.12-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/netatalk-3.1.12-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/netatalk-3.1.12-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/netatalk-3.1.12-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 432b5ce04bc190f3b2adeb0b5cc38038 netatalk-3.1.12-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 88f1941d9ecbf3396f980b3991974e40 netatalk-3.1.12-x86_64-1_slack14.0.txz Slackware 14.1 package: 7721f598bf7727c96f8212584183a391 netatalk-3.1.12-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5de343d3978db5139b2075ac15d72b07 netatalk-3.1.12-x86_64-1_slack14.1.txz Slackware 14.2 package: eb213699f58c6b08908bda9df86571d8 netatalk-3.1.12-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 9e7f5b18ab91dc69a2b4326f563c0682 netatalk-3.1.12-x86_64-1_slack14.2.txz Slackware -current package: dcf24ac0ff6cf0e1e0704cb3f0f35dc3 n/netatalk-3.1.12-i586-1.txz Slackware x86_64 -current package: efaab6db914d27191fddfdd409fcb0b1 n/netatalk-3.1.12-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg netatalk-3.1.12-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlwdxscACgkQakRjwEAQIjMmkwCffwsX8TRT8L+Ymtwwif7HSrgZ qAYAn02bfnf6sOXXxWYTPJBuzVwv3jR5 =UBLh -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4356-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : netatalk CVE ID : CVE-2018-1160 Debian Bug : 916930 Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges. For the stable distribution (stretch), this problem has been fixed in version 2.2.5-2+deb9u1. We recommend that you upgrade your netatalk packages. For the detailed security status of netatalk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netatalk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwb2aFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TaWA/7BLosSUP7w9QtHSSXqZcQQ2S2SzVNbANKjK0E1VFb+P8yZYXmQTQIBcLI SvM8A8tewM7gil0d8Nl+5m1xPZeWZ9eLrwCkD9CvAbqS+6h1HiiIGAEyAFJ0wzL8 P49BUZtUmg/vFFecjhdwPW+D5ve31EKZlB/IJngGm4ETHnRUyGXvYtW6Y89KWKQL Fl2t3quM1zq6nIi8ovtHUvEMkenHfziT3I0WcEjqZp/YJb8WlckpQOBs/oIH9Cem m5FmQmYbQLFt40RPORjhsA+7vWOCofBFfW7caVY+9hkSL75USzhfZRHeIWS4LHrA 4tKmwS4ZDv/9FyT/KEOnA0qBjLltFUYoK3ZnWGvw0lGVVJE4ae9N5nsLYuVsbEey 6Q8MYn7H/Kks8/CXicb9Mg4pgCcRK8PdudY+BTo6BTZHE6oRT2fj1t8COYWJ7xWo 92CoIbuQ6E5fJwxyZ7aDOGbzQxUmuE1SL6QblK/xlIdUCdJ8qtyFBat8++KVNoAn mtYah1/VFfqUA2XqzRdQIq3O45Hks48jhKWhqIPjJaK9kJQaiRLkSkqZr/SBI2Vy ZIe4mHG/j5Ps4Y2Z9WiamvZCP2jlFRWFsaYKpS7Bj1auf9ekA3zOB7PH+3Lxq93N KDl9HJLTrKym1v4p3hAeuHpkbMDOxH4Bpf5K9Qys7/ce6cPOhVA= =VFiz -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2018-1160 // JVNDB: JVNDB-2018-014397 // BID: 106301 // VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // PACKETSTORM: 150916 // PACKETSTORM: 150864

AFFECTED PRODUCTS

vendor:netatalkmodel:netatalkscope:ltversion:3.1.12

Trust: 1.8

vendor:synologymodel:diskstation managerscope:gteversion:6.1

Trust: 1.0

vendor:synologymodel:diskstation managerscope:ltversion:6.1.7-15284-3

Trust: 1.0

vendor:synologymodel:diskstation managerscope:ltversion:6.2.1-23824-4

Trust: 1.0

vendor:synologymodel:router managerscope:gteversion:1.2

Trust: 1.0

vendor:synologymodel:router managerscope:ltversion:1.2-7742-5

Trust: 1.0

vendor:synologymodel:diskstation managerscope:gteversion:6.2

Trust: 1.0

vendor:synologymodel:diskstation managerscope:gteversion:5.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:synologymodel:diskstation managerscope:ltversion:5.2-5967-9

Trust: 1.0

vendor:synologymodel:skynasscope:eqversion: -

Trust: 1.0

vendor:synologymodel:vs960hdscope:eqversion: -

Trust: 1.0

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:synologymodel:diskstation managerscope: - version: -

Trust: 0.8

vendor:synologymodel:router managerscope: - version: -

Trust: 0.8

vendor:synologymodel:skynasscope: - version: -

Trust: 0.8

vendor:synologymodel:vs960hdscope: - version: -

Trust: 0.8

vendor:slackwaremodel:linuxscope:eqversion:14.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:netatalkmodel:netatalkscope:eqversion:3.1.11

Trust: 0.3

vendor:netatalkmodel:netatalkscope:eqversion:3.1

Trust: 0.3

vendor:netatalkmodel:netatalkscope:eqversion:2.0.4

Trust: 0.3

vendor:netatalkmodel:netatalkscope:eqversion:3.0

Trust: 0.3

vendor:netatalkmodel:netatalkscope:eqversion:2.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-30scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:6

Trust: 0.3

vendor:netatalkmodel:netatalkscope:neversion:3.1.12

Trust: 0.3

sources: BID: 106301 // JVNDB: JVNDB-2018-014397 // NVD: CVE-2018-1160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1160
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-1160
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-955
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121475
value: HIGH

Trust: 0.1

VULMON: CVE-2018-1160
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-1160
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121475
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1160
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // JVNDB: JVNDB-2018-014397 // CNNVD: CNNVD-201812-955 // NVD: CVE-2018-1160

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-121475 // JVNDB: JVNDB-2018-014397 // NVD: CVE-2018-1160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-955

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-955

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014397

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160

PATCH

title:DSA-4356url:https://www.debian.org/security/2018/dsa-4356

Trust: 0.8

title:Netatalk 3.1.12url:http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html

Trust: 0.8

title:Synology-SA-18:62 Netatalkurl:https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_62

Trust: 0.8

title:Netatalk Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88113

Trust: 0.6

title:Debian CVElist Bug Report Logs: netatalk: CVE-2018-1160: Unauthenticated remote code execution in Netatalkurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7ca724fbcb5be198c1b4286c261b6758

Trust: 0.1

title:Debian Security Advisories: DSA-4356-1 netatalk -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a853c6ae1b3ef5195ece61a5d9c4a33e

Trust: 0.1

title:Protocol-Vulurl:https://github.com/WinMin/Protocol-Vul

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2018-1160 // JVNDB: JVNDB-2018-014397 // CNNVD: CNNVD-201812-955

EXTERNAL IDS

db:NVDid:CVE-2018-1160

Trust: 3.1

db:TENABLEid:TRA-2018-48

Trust: 2.9

db:EXPLOIT-DBid:46034

Trust: 2.1

db:BIDid:106301

Trust: 2.1

db:PACKETSTORMid:152440

Trust: 1.8

db:EXPLOIT-DBid:46048

Trust: 1.8

db:EXPLOIT-DBid:46675

Trust: 1.8

db:JVNDBid:JVNDB-2018-014397

Trust: 0.8

db:CNNVDid:CNNVD-201812-955

Trust: 0.7

db:PACKETSTORMid:150864

Trust: 0.2

db:PACKETSTORMid:150916

Trust: 0.2

db:PACKETSTORMid:150891

Trust: 0.1

db:SEEBUGid:SSVID-97748

Trust: 0.1

db:VULHUBid:VHN-121475

Trust: 0.1

db:VULMONid:CVE-2018-1160

Trust: 0.1

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // BID: 106301 // JVNDB: JVNDB-2018-014397 // PACKETSTORM: 150916 // PACKETSTORM: 150864 // CNNVD: CNNVD-201812-955 // NVD: CVE-2018-1160

REFERENCES

url:https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/

Trust: 2.9

url:https://www.tenable.com/security/research/tra-2018-48

Trust: 2.9

url:http://www.securityfocus.com/bid/106301

Trust: 2.4

url:http://packetstormsecurity.com/files/152440/qnap-netatalk-authentication-bypass.html

Trust: 2.4

url:http://netatalk.sourceforge.net/3.1/releasenotes3.1.12.html

Trust: 2.1

url:https://www.debian.org/security/2018/dsa-4356

Trust: 2.1

url:https://www.synology.com/security/advisory/synology_sa_18_62

Trust: 1.8

url:https://www.exploit-db.com/exploits/46034/

Trust: 1.8

url:https://www.exploit-db.com/exploits/46048/

Trust: 1.8

url:https://www.exploit-db.com/exploits/46675/

Trust: 1.8

url:https://attachments.samba.org/attachment.cgi?id=14735

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1160

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1160

Trust: 0.9

url:https://www.exploit-db.com/exploits/46675

Trust: 0.7

url:https://www.exploit-db.com/exploits/46034

Trust: 0.3

url:http://netatalk.sourceforge.net/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916930

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59406

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/winmin/protocol-vul

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://security-tracker.debian.org/tracker/netatalk

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // BID: 106301 // JVNDB: JVNDB-2018-014397 // PACKETSTORM: 150916 // PACKETSTORM: 150864 // CNNVD: CNNVD-201812-955 // NVD: CVE-2018-1160

CREDITS

muts

Trust: 0.6

sources: CNNVD: CNNVD-201812-955

SOURCES

db:VULHUBid:VHN-121475
db:VULMONid:CVE-2018-1160
db:BIDid:106301
db:JVNDBid:JVNDB-2018-014397
db:PACKETSTORMid:150916
db:PACKETSTORMid:150864
db:CNNVDid:CNNVD-201812-955
db:NVDid:CVE-2018-1160

LAST UPDATE DATE

2024-11-23T23:08:32.527000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-121475date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-1160date:2019-10-09T00:00:00
db:BIDid:106301date:2018-12-20T00:00:00
db:JVNDBid:JVNDB-2018-014397date:2019-03-19T00:00:00
db:CNNVDid:CNNVD-201812-955date:2019-10-17T00:00:00
db:NVDid:CVE-2018-1160date:2024-11-21T03:59:18.523

SOURCES RELEASE DATE

db:VULHUBid:VHN-121475date:2018-12-20T00:00:00
db:VULMONid:CVE-2018-1160date:2018-12-20T00:00:00
db:BIDid:106301date:2018-12-20T00:00:00
db:JVNDBid:JVNDB-2018-014397date:2019-03-19T00:00:00
db:PACKETSTORMid:150916date:2018-12-24T16:47:50
db:PACKETSTORMid:150864date:2018-12-20T18:18:00
db:CNNVDid:CNNVD-201812-955date:2018-12-21T00:00:00
db:NVDid:CVE-2018-1160date:2018-12-20T21:29:00.477