SB2018100938 - Improper Authentication in tinc (Alpine package)
Published: October 9, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2018-16738)
The vulnerability allows a remote unauthenticated attacker to manipulate data.
tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=a81e84b56a240e3ca575ba9d0aca7f3fedb518d0
- https://git.alpinelinux.org/aports/commit/?id=4bae97cf753480617c190b18324ad04d705294b6
- https://git.alpinelinux.org/aports/commit/?id=4d5a8dd7fdeb7671773360ec78521fd9557ababf
- https://git.alpinelinux.org/aports/commit/?id=28150adaf85ebb64ea4668c5fa3e5658e46058e7