PT-2018-13785 · Openafs · Openafs

Jeffrey Altman

Publicado

2018-09-12

Atualizado

2024-06-15

CVE-2018-16947

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.23 OpenAFS versions 1.8.x prior to 1.8.2

Description An issue in the backup tape controller process allows unauthenticated RPCs, resulting in operations being performed with administrator credentials. This includes dumping and restoring volume contents and manipulating the backup database. An unauthenticated attacker can replace any volume's content with arbitrary data.

Recommendations For OpenAFS versions prior to 1.6.23, update to version 1.6.23 or later. For OpenAFS versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2018-16947

DLA-1513-1

DSA-4302-1

MGASA-2019-0021

OPENSUSE-SU-2024:11113-1

Produtos afetados

Openafs

PT-2018-13785 · Openafs · Openafs

CVE-2018-16947

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23