Details of VAR-201812-0337

ID

VAR-201812-0337

CVE

CVE-2018-1160

TITLE

Netatalk Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2018-014397

DESCRIPTION

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. Netatalk Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Netatalk is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. Versions prior to Netatalk 3.1.12 are vulnerable. Netatalk is a server for providing Appletalk network protocol services on the Linux platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] netatalk (SSA:2018-355-01) New netatalk packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/netatalk-3.1.12-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/netatalk-3.1.12-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/netatalk-3.1.12-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/netatalk-3.1.12-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/netatalk-3.1.12-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/netatalk-3.1.12-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/netatalk-3.1.12-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/netatalk-3.1.12-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 package: 432b5ce04bc190f3b2adeb0b5cc38038 netatalk-3.1.12-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 88f1941d9ecbf3396f980b3991974e40 netatalk-3.1.12-x86_64-1_slack14.0.txz Slackware 14.1 package: 7721f598bf7727c96f8212584183a391 netatalk-3.1.12-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 5de343d3978db5139b2075ac15d72b07 netatalk-3.1.12-x86_64-1_slack14.1.txz Slackware 14.2 package: eb213699f58c6b08908bda9df86571d8 netatalk-3.1.12-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 9e7f5b18ab91dc69a2b4326f563c0682 netatalk-3.1.12-x86_64-1_slack14.2.txz Slackware -current package: dcf24ac0ff6cf0e1e0704cb3f0f35dc3 n/netatalk-3.1.12-i586-1.txz Slackware x86_64 -current package: efaab6db914d27191fddfdd409fcb0b1 n/netatalk-3.1.12-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg netatalk-3.1.12-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlwdxscACgkQakRjwEAQIjMmkwCffwsX8TRT8L+Ymtwwif7HSrgZ qAYAn02bfnf6sOXXxWYTPJBuzVwv3jR5 =UBLh -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4356-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : netatalk CVE ID : CVE-2018-1160 Debian Bug : 916930 Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges. For the stable distribution (stretch), this problem has been fixed in version 2.2.5-2+deb9u1. We recommend that you upgrade your netatalk packages. For the detailed security status of netatalk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netatalk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwb2aFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TaWA/7BLosSUP7w9QtHSSXqZcQQ2S2SzVNbANKjK0E1VFb+P8yZYXmQTQIBcLI SvM8A8tewM7gil0d8Nl+5m1xPZeWZ9eLrwCkD9CvAbqS+6h1HiiIGAEyAFJ0wzL8 P49BUZtUmg/vFFecjhdwPW+D5ve31EKZlB/IJngGm4ETHnRUyGXvYtW6Y89KWKQL Fl2t3quM1zq6nIi8ovtHUvEMkenHfziT3I0WcEjqZp/YJb8WlckpQOBs/oIH9Cem m5FmQmYbQLFt40RPORjhsA+7vWOCofBFfW7caVY+9hkSL75USzhfZRHeIWS4LHrA 4tKmwS4ZDv/9FyT/KEOnA0qBjLltFUYoK3ZnWGvw0lGVVJE4ae9N5nsLYuVsbEey 6Q8MYn7H/Kks8/CXicb9Mg4pgCcRK8PdudY+BTo6BTZHE6oRT2fj1t8COYWJ7xWo 92CoIbuQ6E5fJwxyZ7aDOGbzQxUmuE1SL6QblK/xlIdUCdJ8qtyFBat8++KVNoAn mtYah1/VFfqUA2XqzRdQIq3O45Hks48jhKWhqIPjJaK9kJQaiRLkSkqZr/SBI2Vy ZIe4mHG/j5Ps4Y2Z9WiamvZCP2jlFRWFsaYKpS7Bj1auf9ekA3zOB7PH+3Lxq93N KDl9HJLTrKym1v4p3hAeuHpkbMDOxH4Bpf5K9Qys7/ce6cPOhVA= =VFiz -----END PGP SIGNATURE-----

Trust: 2.25

sources: NVD: CVE-2018-1160 // JVNDB: JVNDB-2018-014397 // BID: 106301 // VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // PACKETSTORM: 150916 // PACKETSTORM: 150864

AFFECTED PRODUCTS

vendor:	netatalk	model:	netatalk	scope:	lt	version:	3.1.12	Trust: 1.8
vendor:	synology	model:	router manager	scope:	lt	version:	1.2-7742-5	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	5.2-5967-9	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	gte	version:	6.2	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	gte	version:	5.2	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	gte	version:	6.1	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.1.7-15284-3	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	lt	version:	6.2.1-23824-4	Trust: 1.0
vendor:	synology	model:	router manager	scope:	gte	version:	1.2	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	diskstation manager	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	router manager	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	skynas	scope:	-	version:	-	Trust: 0.8
vendor:	synology	model:	vs960hd	scope:	-	version:	-	Trust: 0.8
vendor:	slackware	model:	linux	scope:	eq	version:	14.2	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	14.1	Trust: 0.3
vendor:	slackware	model:	linux	scope:	eq	version:	14.0	Trust: 0.3
vendor:	netatalk	model:	netatalk	scope:	eq	version:	3.1.11	Trust: 0.3
vendor:	netatalk	model:	netatalk	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netatalk	model:	netatalk	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	netatalk	model:	netatalk	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netatalk	model:	netatalk	scope:	eq	version:	2.2	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-30	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux	scope:	eq	version:	6	Trust: 0.3
vendor:	netatalk	model:	netatalk	scope:	ne	version:	3.1.12	Trust: 0.3

sources: BID: 106301 // JVNDB: JVNDB-2018-014397 // NVD: CVE-2018-1160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1160
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-1160
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-955
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-121475
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-1160
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-1160
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-121475
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1160
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // JVNDB: JVNDB-2018-014397 // CNNVD: CNNVD-201812-955 // NVD: CVE-2018-1160

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.9

sources: VULHUB: VHN-121475 // JVNDB: JVNDB-2018-014397 // NVD: CVE-2018-1160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-955

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201812-955

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014397

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160

PATCH

title:	DSA-4356	url:	https://www.debian.org/security/2018/dsa-4356	Trust: 0.8
title:	Netatalk 3.1.12	url:	http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html	Trust: 0.8
title:	Synology-SA-18:62 Netatalk	url:	https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_62	Trust: 0.8
title:	Netatalk Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88113	Trust: 0.6
title:	Debian CVElist Bug Report Logs: netatalk: CVE-2018-1160: Unauthenticated remote code execution in Netatalk	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=7ca724fbcb5be198c1b4286c261b6758	Trust: 0.1
title:	Debian Security Advisories: DSA-4356-1 netatalk -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a853c6ae1b3ef5195ece61a5d9c4a33e	Trust: 0.1
title:	Protocol-Vul	url:	https://github.com/WinMin/Protocol-Vul	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1

sources: VULMON: CVE-2018-1160 // JVNDB: JVNDB-2018-014397 // CNNVD: CNNVD-201812-955

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1160	Trust: 3.1
db:	TENABLE	id:	TRA-2018-48	Trust: 2.9
db:	EXPLOIT-DB	id:	46034	Trust: 2.1
db:	BID	id:	106301	Trust: 2.1
db:	PACKETSTORM	id:	152440	Trust: 1.8
db:	EXPLOIT-DB	id:	46048	Trust: 1.8
db:	EXPLOIT-DB	id:	46675	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-014397	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-955	Trust: 0.7
db:	PACKETSTORM	id:	150864	Trust: 0.2
db:	PACKETSTORM	id:	150916	Trust: 0.2
db:	PACKETSTORM	id:	150891	Trust: 0.1
db:	SEEBUG	id:	SSVID-97748	Trust: 0.1
db:	VULHUB	id:	VHN-121475	Trust: 0.1
db:	VULMON	id:	CVE-2018-1160	Trust: 0.1

sources: VULHUB: VHN-121475 // VULMON: CVE-2018-1160 // BID: 106301 // JVNDB: JVNDB-2018-014397 // PACKETSTORM: 150916 // PACKETSTORM: 150864 // CNNVD: CNNVD-201812-955 // NVD: CVE-2018-1160

REFERENCES

url:	https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/	Trust: 2.9
url:	https://www.tenable.com/security/research/tra-2018-48	Trust: 2.9
url:	http://www.securityfocus.com/bid/106301	Trust: 2.4
url:	http://packetstormsecurity.com/files/152440/qnap-netatalk-authentication-bypass.html	Trust: 2.4
url:	http://netatalk.sourceforge.net/3.1/releasenotes3.1.12.html	Trust: 2.1
url:	https://www.debian.org/security/2018/dsa-4356	Trust: 2.1
url:	https://www.synology.com/security/advisory/synology_sa_18_62	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46034/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46048/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46675/	Trust: 1.8
url:	https://attachments.samba.org/attachment.cgi?id=14735	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1160	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1160	Trust: 0.9
url:	https://www.exploit-db.com/exploits/46675	Trust: 0.7
url:	https://www.exploit-db.com/exploits/46034	Trust: 0.3
url:	http://netatalk.sourceforge.net/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916930	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=59406	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/winmin/protocol-vul	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/netatalk	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1

CREDITS

muts

Trust: 0.6

sources: CNNVD: CNNVD-201812-955

SOURCES

db:	VULHUB	id:	VHN-121475
db:	VULMON	id:	CVE-2018-1160
db:	BID	id:	106301
db:	JVNDB	id:	JVNDB-2018-014397
db:	PACKETSTORM	id:	150916
db:	PACKETSTORM	id:	150864
db:	CNNVD	id:	CNNVD-201812-955
db:	NVD	id:	CVE-2018-1160

LAST UPDATE DATE

2024-08-14T14:45:31.326000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121475	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-1160	date:	2019-10-09T00:00:00
db:	BID	id:	106301	date:	2018-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-014397	date:	2019-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201812-955	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-1160	date:	2023-09-29T11:15:02.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121475	date:	2018-12-20T00:00:00
db:	VULMON	id:	CVE-2018-1160	date:	2018-12-20T00:00:00
db:	BID	id:	106301	date:	2018-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-014397	date:	2019-03-19T00:00:00
db:	PACKETSTORM	id:	150916	date:	2018-12-24T16:47:50
db:	PACKETSTORM	id:	150864	date:	2018-12-20T18:18:00
db:	CNNVD	id:	CNNVD-201812-955	date:	2018-12-21T00:00:00
db:	NVD	id:	CVE-2018-1160	date:	2018-12-20T21:29:00.477