Uploaded image for project: 'TrueNAS'
  1. TrueNAS
  2. NAS-102279

Update netatalk to fix CVE-2018–1160

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Engineering Closed (View Workflow)
    • Priority: Low
    • Resolution: Not Applicable
    • Affects Version/s: 11.2-U5
    • Fix Version/s: N/A
    • Component/s: Services
    • Labels:

      Description

      As per 'pkg audit -F':

      netatalk3-3.1.11_3,1 is vulnerable:
      netatalk3 -- remote code execution vulnerability
      WWW: https://vuxml.FreeBSD.org/freebsd/9c9023ff-9057-11e9-b764-00505632d232.html

       

      This looks pretty bad:

      https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172 

      "allows remote unauthenticated attackers to overwrite some struct data. I leveraged this bug to bypass authentication and gain full control of the AFP volumes."

        Attachments

          Attachments

            JEditor

              Activity

                People

                Assignee:
                awalker Andrew Walker
                Reporter:
                seanm Sean McBride
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: