Bug 13711 (CVE-2018-1160) - [Not Samba] [NETATALK] Unauthenticated remote code execution in Netatalk
Summary: [Not Samba] [NETATALK] Unauthenticated remote code execution in Netatalk
Status: RESOLVED FIXED
Alias: CVE-2018-1160
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Ralph Böhme
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-13 21:24 UTC by Ralph Böhme
Modified: 2021-02-11 14:23 UTC (History)
6 users (show)

See Also:

Attachments
Prepared advisory text for CVE-2018-1160 (1.24 KB, text/plain)
2018-12-13 21:29 UTC, Ralph Böhme 		jra: review+
abartlet: review+
Details
Patch for master (5.35 KB, patch)
2018-12-13 21:37 UTC, Ralph Böhme 		no flags Details
Patch for 3.1 (5.48 KB, patch)
2018-12-13 21:38 UTC, Ralph Böhme 		no flags Details
Patch for 2.0.x (2.44 KB, patch)
2018-12-19 13:57 UTC, Petr Gajdos 		slow: review+
Details
Patch for 2.2 (5.40 KB, patch)
2018-12-19 16:48 UTC, Ralph Böhme 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Ralph Böhme 2018-12-13 21:29:39 UTC 
Created attachment 14735 [details]
Prepared advisory text for CVE-2018-1160
Comment 2 Ralph Böhme 2018-12-13 21:37:32 UTC 
Created attachment 14736 [details]
Patch for master
Comment 3 Ralph Böhme 2018-12-13 21:38:08 UTC 
Created attachment 14737 [details]
Patch for 3.1
Comment 4 Andrew Bartlett 2018-12-13 22:00:07 UTC 
Comment on attachment 14735 [details]
Prepared advisory text for CVE-2018-1160

Advisory looks good to me.  All the best with the security release!
Comment 5 Ralph Böhme 2018-12-13 22:04:17 UTC 
(In reply to Andrew Bartlett from comment #4)
Thanks!

Not Samba, rofl... ;)
Comment 6 Jeremy Allison 2018-12-14 00:07:19 UTC 
Comment on attachment 14735 [details]
Prepared advisory text for CVE-2018-1160

A few tiny grammar errors around plurals, but nothing to stop ship. LGTM.
Comment 7 Ralph Böhme 2018-12-14 07:59:03 UTC 
Release is planned for Thursday 20th of December 2018.
Comment 8 Andrew Bartlett 2018-12-14 08:14:11 UTC 
For those a little confused by this mail, please let me explain.

As you can see the the advisory here, a serious security issue has been identified in Netatalk.  Netatalk like Samba is often installed to share files (with Apple Mac clients), and it was felt that by forwarding the information here we might efficiently and securely reach affected vendors.

For those confused, please be clear it is NOT an issue in Samba.  

However given Ralph's long association with and membership of the Samba Team, we felt it appropriate to aid him, and if you are such a vendor te hope you, in this way.
Comment 9 Petr Gajdos 2018-12-19 13:57:11 UTC 
Created attachment 14747 [details]
Patch for 2.0.x

Hello Ralph,

thank you for 3.x patches. Is there any patch for 2.x? I attempted to create one, it looks very simlar to patch for 3.1 except dsi->cmdlen calculation and 'AFP replaycache size option' section omission. Is it correct?
Comment 10 Ralph Böhme 2018-12-19 16:48:50 UTC 
Created attachment 14748 [details]
Patch for 2.2
Comment 11 Ralph Böhme 2018-12-19 16:49:45 UTC 
(In reply to Petr Gajdos from comment #9)
I provided an "official" patch for 2.2.
Comment 12 Petr Gajdos 2018-12-20 13:23:33 UTC 
(In reply to Ralph Böhme from comment #11)
Ralph, apologize, yes, I forgot to specify the exact version against the patch was created: 2.0.3. Thank you anyway!
Comment 13 Andrew Walker 2018-12-20 14:55:28 UTC 
Will this ticket be updated when we are clear to release? Where will the official notification regarding the issue be posted?
Comment 14 Ralph Böhme 2018-12-20 15:07:06 UTC 
(In reply to Andrew Walker from comment #13)
Netatalk 3.1.12 has just been released to address this issue. The release was announced via the usual Netatalk mailing lists.

The CVE description should appear soon on the MITRE site:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1160

Thanks everyone who helped getting this out!
Comment 15 Ralph Böhme 2018-12-20 15:08:12 UTC 
Comment on attachment 14747 [details]
Patch for 2.0.x

Patch looks good to me.
Comment 16 Petr Gajdos 2018-12-21 07:42:53 UTC 
(In reply to Ralph Böhme from comment #15)
Ralph, thank you for the review!