APP: Netatalk dsi_opensession Attention Quantum Out-of-bounds Write

This signature detects attempts to exploit a known vulnerability in Netatalk. Successful exploitation could lead to arbitrary code execution with the privileges of the root user.

Extended Description

Netatalk before 3.1.12 is vulnerable to an out-of-bounds write in dsi_opensess.c, caused by a lack of bounds checking on attacker-controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Affected Products

Netatalk netatalk

References

BugTraq: 106301

CVE: CVE-2018-1160

Short Name
APP:CVE-2018-1160-OB
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Attention CVE-2018-1160 Netatalk Out-of-bounds Quantum Write bid:106301 dsi_opensession
Release Date
02/15/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3638
Port
TCP/548
False Positive
Unknown
Vendors

Netatalk

Debian

Synology

CVSS Score

10.0
