Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6146-1

Ubuntu Security Notice 6146-1 - It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Packet Storm
#vulnerability#apple#ubuntu#perl

==========================================================================
Ubuntu Security Notice USN-6146-1
June 08, 2023

netatalk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Netatalk.

Software Description:

  • netatalk: Apple Filing Protocol service

Details:

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the DSI structures. A remote attacker could possibly
use this issue to execute arbitrary code with the privileges of the user
invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2021-31439)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the ad_addcomment function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-0194)

It was discovered that Netatalk did not properly handle errors when parsing
AppleDouble entries. A remote attacker could possibly use this issue to
execute arbitrary code with root privileges. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-23121)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the setfilparams function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-23122)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the getdirparams function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23123)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the get_finderinfo function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-23124)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the copyapplfile function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23125)

It was discovered that Netatalk did not properly validate the length of
user-supplied data in the dsi_writeinit function. A remote attacker could
possibly use this issue to execute arbitrary code with root privileges.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu
22.10. (CVE-2022-43634)

It was discovered that Netatalk did not properly manage memory under
certain circumstances. If a user were tricked into opening a specially
crafted .appl file, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2022-45188)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
netatalk 3.1.13~ds-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
netatalk 3.1.12~ds-9ubuntu0.22.04.1

Ubuntu 20.04 LTS:
netatalk 3.1.12~ds-4ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
netatalk 2.2.6-1ubuntu0.18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
netatalk 2.2.5-1ubuntu0.2+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
netatalk 2.2.2-1ubuntu2.2+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6146-1
CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122,
CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634,
CVE-2022-45188

Package Information:
https://launchpad.net/ubuntu/+source/netatalk/3.1.13~ds-2ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.1

Related news

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the ‘Restrict NTLM: Outgoing NTLM

Gentoo Linux Security Advisory 202311-02

Gentoo Linux Security Advisory 202311-2 - Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Versions greater than or equal to 3.1.18 are affected.

Debian Security Advisory 5503-1

Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure.

CVE-2022-43634: fix CVE-2022-43634 by eh-syn · Pull Request #186 · Netatalk/netatalk

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-0194: ZDI-22-530

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23125: ZDI-22-526

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.

CVE-2022-23121: ZDI-22-527

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23123: ZDI-22-528

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.

CVE-2022-45188: [1day to 0day] Netatalk from Pwn2own 2021 to 0x00 cent in 2022

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

CVE-2022-45188: [1day to 0day] Netatalk from Pwn2own 2021 to 0x00 cent in 2022

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

Roundtable: Amid Cyberattack Frenzy, How Can QNAP Customers Protect the Business?

Our roundtable of cybersecurity experts weighs in on what makes QNAP network-attached storage catnip for attackers, and what organizations can do about it.

CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVE-2021-31439: ZDI-21-492

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

CVE-2021-26569: Synology_SA_20_26 | Synology Inc.

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Packet Storm: Latest News

TOR Virtual Network Tunneling Tool 0.4.8.13