Debian Netatalk vulnerabilities

CVE-2024-38441 [CRITICAL] CVE-2024-38441: netatalk - Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer ov... Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions. Scope: local bullseye: resolved (fixed in 3.1.12~ds-8+deb11u2) forky: resolved (fixed in 3.1.18~ds-2) sid: resolved (fixed in 3.1.18~ds-2) trixi

CVE-2024-38439 [CRITICAL] CVE-2024-38439: netatalk - Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer ov... Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed versions. Scope: local bullseye: resolved (fixed in 3.1.12~ds-8+deb11u2) forky: resolved (fixed in 3.1.18~ds-2) sid: resolved (fixed in 3.1.18~ds-2) trixi

CVE-2024-38440 [HIGH] CVE-2024-38440: netatalk - Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer o... Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation f

CVE-2023-42464 [MEDIUM] CVE-2023-42464: netatalk - A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd ... A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers

CVE-2022-23124 [CRITICAL] CVE-2022-23124: netatalk - This vulnerability allows remote attackers to disclose sensitive information on ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allo

CVE-2022-43634 [CRITICAL] CVE-2022-43634: netatalk - This vulnerability allows remote attackers to execute arbitrary code on affected... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-b

CVE-2022-23122 [CRITICAL] CVE-2022-23122: netatalk - This vulnerability allows remote attackers to execute arbitrary code on affected... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-b

CVE-2022-23125 [CRITICAL] CVE-2022-23125: netatalk - This vulnerability allows remote attackers to execute arbitrary code on affected... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-l

CVE-2022-23123 [CRITICAL] CVE-2022-23123: netatalk - This vulnerability allows remote attackers to disclose sensitive information on ... This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an alloca

CVE-2022-0194 [CRITICAL] CVE-2022-0194: netatalk - This vulnerability allows remote attackers to execute arbitrary code on affected... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-ba

CVE-2022-23121 [CRITICAL] CVE-2022-23121: netatalk - This vulnerability allows remote attackers to execute arbitrary code on affected... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerabilit

CVE-2022-22995 [CRITICAL] CVE-2022-22995: netatalk - The combination of primitives offered by SMB and AFP in their default configurat... The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. Scope: local bullseye: resolved (fixed in 3.1.12~ds-8+deb11u2) forky: resolved (fixed in 3.1.18~ds-1) sid: resolved (fixed in 3.1.18~ds-1) trixie: resolv

CVE-2022-45188 [HIGH] CVE-2022-45188: netatalk - Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting ... Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). Scope: local bullseye: resolved (fixed in 3.1.12~ds-8+deb11u1) forky: resolved (fixed in 3.1.15~ds-1) sid: resolved (fixed in 3.1.15~ds-1) trixie: resolved

CVE-2021-31439 [HIGH] CVE-2021-31439: netatalk - This vulnerability allows network-adjacent attackers to execute arbitrary code o... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data p

CVE-2018-1160 [CRITICAL] CVE-2018-1160: netatalk - Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c... Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. Scope: local bullseye: resolved (fixed in 2.2.6-2) forky: resolved (fixed in 2.2.6-2) sid: resolved (fixed in 2.

CVE-2008-5718 [CRITICAL] CVE-2008-5718: netatalk - The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in ... The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title. Scope: local bullseye: resolved (fixed in 2.0.4~beta2-1) forky: resolved (fixed in 2.0.4~beta2-1) sid: resolved

CVE-2004-0974 [LOW] CVE-2004-0974: netatalk - The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other... The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. Scope: local bullseye: resolved (fixed in 1.6.4a-1) forky: resolved (fixed in 1.6.4a-1) sid: resolved (fixed in 1.6.4a-1) trixie: resolved (fixed in 1.6.4a-1)