CVE-2018-16947 - OpenCVE

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Openafs	Openafs

Configuration 1 [-]

OR	cpe:2.3:a:openafs:openafs::::::::
	cpe:2.3:a:openafs:openafs::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

No data.

References

Link	Providers
http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html
https://www.debian.org/security/2018/dsa-4302

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-12T01:00:00

Updated: 2024-08-05T10:39:58.033Z

Reserved: 2018-09-11T00:00:00

Link: CVE-2018-16947

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-12T01:29:00.390

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-16947

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"}, {"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"}, {"name": "DSA-4302", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4302"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16947", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt", "refsource": "CONFIRM", "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"}, {"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"}, {"name": "DSA-4302", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4302"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:39:58.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"}, {"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"}, {"name": "DSA-4302", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4302"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16947", "datePublished": "2018-09-12T01:00:00", "dateReserved": "2018-09-11T00:00:00", "dateUpdated": "2024-08-05T10:39:58.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA89B3F9-E528-4454-AC07-C4CC229CE95C", "versionEndExcluding": "1.6.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E83EF0AF-3D2F-46F7-BB02-E3B3841A1487", "versionEndExcluding": "1.8.2", "versionStartIncluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data."}, {"lang": "es", "value": "Se ha descubierto un problema en OpenAFS, en versiones anteriores a la 1.6.23 y versiones 1.8.x anteriores a la 1.8.2. El proceso butc (backup tape controller) acepta los RPC entrantes, pero no requiere (ni permite) la autenticaci\u00f3n de dichos RPC. El manejo de los RPC resulta en que las operaciones se realizan con credenciales de administrador, incluyendo el contenido de los vol\u00famenes dumping/restoring y en que se manipula la base de datos de backups. Por ejemplo, un atacante no autenticado puede reemplazar el contenido de cualquier volumen con datos arbitrarios."}], "id": "CVE-2018-16947", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-12T01:29:00.390", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4302"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}