FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

netatalk3 -- remote code execution vulnerability

Affected packages
netatalk3 < 3.1.12,1

Details

VuXML ID 9c9023ff-9057-11e9-b764-00505632d232
Discovery 2018-11-10
Entry 2019-06-16

NIST reports:

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

References

URL https://medium.com/tenable-techblog/exploiting-an-18-year-old-bug-b47afe54172
URL https://nvd.nist.gov/vuln/detail/CVE-2018-1160