CVE-2018-1320

NameCVE-2018-1320
DescriptionApache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1662-1
NVD severitymedium (attack range: remote)
Debian Bugs918736

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libthrift-java (PTS)jessie (security)0.9.1-2+deb8u1fixed
jessie, stretch0.9.1-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libthrift-javasource(unstable)0.9.1-2.1medium918736
libthrift-javasourcejessie0.9.1-2+deb8u1mediumDLA-1662-1

Notes

[stretch] - libthrift-java <no-dsa> (Minor issue)
https://issues.apache.org/jira/browse/THRIFT-4506
https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e

Search for package or bug name: Reporting problems