CVE-2018-1160.html.in

<div id="content">
<h1>Netatalk Security Advisory</h1>

<dl>
<dt><strong>Subject</strong></dt>
<dd>Unauthenticated remote code execution</dd>
<dt><strong>CVE ID</strong></dt>
<dd><a href="https://www.cve.org/CVERecord?id=CVE-2018-1160">CVE-2018-1160</a></dd>
<dt><strong>Date of Publishing</strong></dt>
<dd>2018/12/13 <i>advisory published retroactively; date is approximate</i></dd>
<dt><strong>Affected Netatalk Versions</strong></dt>
<dd>3.0.0 - 3.1.11</dd>
<dd>1.5.0 - 2.2.6</dd>
<dt><strong>Summary</strong></dt>
<dd>Unauthenticated user can cause arbitrary code execution with root privileges</dd>
</dl>
<h2>Description</h2>
<p>Due to a missing bounds check in the handling of the DSI Opensession
command, an unauthenticated user can overwrite memory with data of
their choice which can ultimately lead to arbitrary code execution
with root privileges.</p>

<h2>Patch Availability</h2>
<p>Apply the patches with git hashes
<a href="https://github.com/Netatalk/netatalk/commit/67256322aa5a1fff01de471d6787d1d862678746.diff">
6725632</a> and
<a href="https://github.com/Netatalk/netatalk/commit/b6895be1cb5b915254ee92c2150e309cd31ebff6.diff">
b6895be</a> to hotfix your local Netatalk deployment.</p>

<p>Additionally, Netatalk 3.1.12 and 2.2.7 have been released which contains the security patch.
Netatalk administrators are advised to upgrade to this version or apply the patch as soon as possible.</p>

<h2>CVSS Calculation</h2>
<p>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)</p>

<h2>Workaround</h2>
<p>None.</p>

<h2>Credits</h2>
<dl>
<dt>Vulnerability found and reported by:</dt>
<dd>Jacob Baines from Tenable</dd>
<dt>Patch developed by:</dt>
<dd>Ralph Boehme of the Netatalk and Samba teams</dd>
</dl>

</div>