PT-2018-13785 · Openafs · Openafs

Jeffrey Altman

Published

2018-09-12

Updated

2024-06-15

CVE-2018-16947

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.23 OpenAFS versions 1.8.x prior to 1.8.2

Description An issue in the backup tape controller process allows unauthenticated RPCs, resulting in operations being performed with administrator credentials. This includes dumping and restoring volume contents and manipulating the backup database. An unauthenticated attacker can replace any volume's content with arbitrary data.

Recommendations For OpenAFS versions prior to 1.6.23, update to version 1.6.23 or later. For OpenAFS versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-16947

DLA-1513-1

DSA-4302-1

MGASA-2019-0021

OPENSUSE-SU-2024:11113-1

Affected Products

Openafs

PT-2018-13785 · Openafs · Openafs

CVE-2018-16947

Weakness Enumeration

Related Identifiers

Affected Products

References · 23