CVE-2018-1160
Netatalk 3.1.12 - Authentication Bypass (PoC)
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
8
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Netatalk, en versiones anteriores a la 3.1.12, es vulnerable a una escritura fuera de límites en dsi_opensess.c. Esto se debe a la falta de comprobación de límites de los datos controlados por el atacante. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecución de código arbitrario.
Jacob Baines discovered a flaw in the handling of the DSI Opensession command in Netatalk, an implementation of the AppleTalk Protocol Suite, allowing an unauthenticated user to execute arbitrary code with root privileges.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-05 CVE Reserved
- 2018-12-20 CVE Published
- 2018-12-21 First Exploit
- 2024-09-16 CVE Updated
- 2025-04-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html | Release Notes | |
| http://www.securityfocus.com/bid/106301 | Third Party Advisory | |
| https://attachments.samba.org/attachment.cgi?id=14735 | Third Party Advisory | |
| https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160 | Release Notes | |
| https://www.synology.com/security/advisory/Synology_SA_18_62 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/150891 | 2018-12-21 | |
| https://packetstorm.news/files/id/152440 | 2019-04-05 | |
| https://www.exploit-db.com/exploits/46048 | 2024-09-16 | |
| https://www.exploit-db.com/exploits/46034 | 2024-09-16 | |
| https://www.exploit-db.com/exploits/46675 | 2024-09-16 | |
| https://github.com/SachinThanushka/CVE-2018-1160 | 2020-05-12 | |
| http://packetstormsecurity.com/files/152440/QNAP-Netatalk-Authentication-Bypass.html | 2024-09-16 | |
| https://www.tenable.com/security/research/tra-2018-48 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2018/dsa-4356 | 2023-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Synology Search vendor "Synology" | Vs960hd Firmware Search vendor "Synology" for product "Vs960hd Firmware" | - | - |
Affected
| in | Synology Search vendor "Synology" | Vs960hd Search vendor "Synology" for product "Vs960hd" | - | - |
Safe
|
| Netatalk Search vendor "Netatalk" | Netatalk Search vendor "Netatalk" for product "Netatalk" | < 3.1.12 Search vendor "Netatalk" for product "Netatalk" and version " < 3.1.12" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | >= 5.2 < 5.2-5967-9 Search vendor "Synology" for product "Diskstation Manager" and version " >= 5.2 < 5.2-5967-9" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | >= 6.1 < 6.1.7-15284-3 Search vendor "Synology" for product "Diskstation Manager" and version " >= 6.1 < 6.1.7-15284-3" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | >= 6.2 < 6.2.1-23824-4 Search vendor "Synology" for product "Diskstation Manager" and version " >= 6.2 < 6.2.1-23824-4" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Router Manager Search vendor "Synology" for product "Router Manager" | >= 1.2 < 1.2-7742-5 Search vendor "Synology" for product "Router Manager" and version " >= 1.2 < 1.2-7742-5" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Skynas Search vendor "Synology" for product "Skynas" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||