Candidate: CVE-2018-16947
PublicDate: 2018-09-12 01:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16947
 http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
Description:
 An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2.
 The backup tape controller (butc) process accepts incoming RPCs but does
 not require (or allow for) authentication of those RPCs. Handling those
 RPCs results in operations being performed with administrator credentials,
 including dumping/restoring volume contents and manipulating the backup
 database. For example, an unauthenticated attacker can replace any volume's
 content with arbitrary data.
Ubuntu-Description:
Notes:
 msalvatore> Per the upstream developers, "The in-tree backup suite is not believed to be in common
 msalvatore> use, so in that sense the impact is limited.  Applying a strict firewall
 msalvatore> policy can also reduce the exposure of the butc to untrusted input and
 msalvatore> provide some level of remediation."
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908616
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_openafs:
upstream_openafs: released (1.8.2-1)
precise/esm_openafs: DNE
trusty_openafs: ignored (reached end-of-life)
trusty/esm_openafs: DNE (trusty was needs-triage)
xenial_openafs: ignored (end of standard support, was needed)
bionic_openafs: needed
cosmic_openafs: ignored (reached end-of-life)
disco_openafs: not-affected (1.8.2-1ubuntu0.1)
eoan_openafs: not-affected (1.8.4~pre1-1ubuntu2)
focal_openafs: not-affected (1.8.4~pre1-1ubuntu2)
groovy_openafs: not-affected (1.8.4~pre1-1ubuntu2)
hirsute_openafs: not-affected (1.8.4~pre1-1ubuntu2)
impish_openafs: not-affected (1.8.4~pre1-1ubuntu2)
jammy_openafs: not-affected (1.8.4~pre1-1ubuntu2)
devel_openafs: not-affected (1.8.4~pre1-1ubuntu2)