SecuritySpace - CVE-2018-16947

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-16947

Description: An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.

Test IDs: 1.3.6.1.4.1.25623.1.0.891513 1.3.6.1.4.1.25623.1.0.704302

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-16947
Debian Security Information: DSA-4302 (Google Search)
https://www.debian.org/security/2018/dsa-4302
https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html

CVE ID:	CVE-2018-16947
Description:	An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
Test IDs:	1.3.6.1.4.1.25623.1.0.891513 1.3.6.1.4.1.25623.1.0.704302
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-16947 Debian Security Information: DSA-4302 (Google Search) https://www.debian.org/security/2018/dsa-4302 https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html