Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html - Release Notes | |
References | () http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/106301 - Third Party Advisory, VDB Entry | |
References | () https://attachments.samba.org/attachment.cgi?id=14735 - Third Party Advisory | |
References | () https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/ - Release Notes, Third Party Advisory | |
References | () https://www.debian.org/security/2018/dsa-4356 - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/46034/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/46048/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/46675/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.synology.com/security/advisory/Synology_SA_18_62 - Third Party Advisory | |
References | () https://www.tenable.com/security/research/tra-2018-48 - Exploit, Release Notes, Third Party Advisory |
29 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netatalk
Netatalk netatalk |
|
CPE | cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* |
Information
Published : 2018-12-20 21:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1160
Mitre link : CVE-2018-1160
CVE.ORG link : CVE-2018-1160
JSON object : View
Products Affected
synology
- vs960hd_firmware
- skynas
- vs960hd
- router_manager
- diskstation_manager
debian
- debian_linux
netatalk
- netatalk
CWE
CWE-787
Out-of-bounds Write