Critical severity 9.8 · NVD Advisory · Published Sep 12, 2018 · Updated Jun 17, 2026
CVE-2018-16947
Description
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
References
- openafs.org/pages/security/OPENAFS-SA-2018-001.txt (nvd, Vendor Advisory)
- lists.debian.org/debian-lts-announce/2018/09/msg00024.html (nvd, Third Party Advisory)
- www.debian.org/security/2018/dsa-4302 (nvd, Third Party Advisory)