vulnerability
Ubuntu: (CVE-2018-1160): netatalk vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Dec 20, 2018 | Nov 19, 2024 | Aug 19, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 20, 2018
Added
Nov 19, 2024
Modified
Aug 19, 2025
Description
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
Solution
ubuntu-upgrade-netatalk
References
- CVE-2018-1160
- https://attackerkb.com/topics/CVE-2018-1160
- CWE-787
- DEBIAN-DSA-4356
- URL-http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html
- URL-https://attachments.samba.org/attachment.cgi?id=14735
- URL-https://bugzilla.samba.org/show_bug.cgi?id=13711
- URL-https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/
- URL-https://www.cve.org/CVERecord?id=CVE-2018-1160
- URL-https://www.tenable.com/security/research/tra-2018-48
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.