===========================================================
== Subject:     Unauthenticated remote code execution
==
== CVE ID#:     CVE-2018-1160
==
== Versions:    Any version Netatalk 2 and newer
==
== Summary:     Unauthenticated user can cause arbitrary
==              code execution with root privileges
===========================================================

===========
Description
===========

Due to a missing bounds check in the handling of the DSI Opensession
command, an unauthenticated user can overwrite memory with data of
their choice which can ultimately lead to arbitrary code execution
with root privileges.

==================
Patch Availability
==================

Patches addressing both these issues have been posted to:

    http://netatalk.sourceforge.net/

Netatalk 3.1.12 has been issued as security releases to correct the
defect.  Netatalk administrators are advised to upgrade to these
releases or apply the patch as soon as possible.

==================
CVSSv3 calculation
==================

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)

==========
Workaround
==========

None.

=======
Credits
=======

Originally reported by Jacob Baines from Tenable.

Patches provided by Ralph Boehme of the Netatalk and Samba teams.