Netatalk Security Advisory
- Subject
- etc2ps.sh vulnerable to symlink attack
- CVE ID
- CAN-2004-0974
- Date of Publishing
- 2004/10/24 (advisory published retroactively; date is approximate)
- Affected Netatalk Versions
- 2.0.0 - 1.6.4
- Summary
- The etc2ps.sh script allows local users to overwrite files
Description
The etc2ps.sh script delivered with all Netatalk versions prior to 2.0.1 allows local users to overwrite files via a symlink attack on temporary files.
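The class of bug described above, shown as an added illustration. This is not the etc2ps.sh code or the Netatalk fix; the file name `convert.$$` and all function names are hypothetical. It contrasts a predictable temporary file name with one created by `mktemp`, and checks both against a pre-existing symlink inside a throwaway directory.

```shell
#!/bin/sh
# Constructed illustration of the bug class; not taken from etc2ps.sh.

# Weak pattern: the name is predictable (prefix + PID), and the ">"
# redirection follows whatever already exists at that path.
write_predictable() {            # $1 = directory, $2 = data
    tmp="$1/convert.$$"          # hypothetical name
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp picks a random suffix and creates the file
# exclusively, so it fails instead of reusing an existing path or link.
write_safe() {                   # $1 = directory, $2 = data
    tmp=$(mktemp "$1/convert.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Regression check: place a symlink at the predictable name inside a
# private sandbox, run the writer, and report what happened to the target.
check_writer() {                 # $1 = writer function name
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/convert.$$"
    "$1" "$sandbox" "scratch data" > /dev/null
    if [ "$(cat "$sandbox/victim")" = "original" ]; then
        result=intact
    else
        result=overwritten
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

printf 'predictable name: %s\n' "$(check_writer write_predictable)"
printf 'mktemp name:      %s\n' "$(check_writer write_safe)"
```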
Patch Availability
No patch available (CVS branch has been lost).
Netatalk 2.0.1 and 1.6.4a have been released, both of which contain the updated script. Netatalk administrators are advised to upgrade to one of these versions as soon as possible.
CVSS Calculation
N/A
Workaround
None.
Credits
- Vulnerability found and reported by:
- Trustix
- Patch developed by:
- Bjoern Fernhomberg of the Netatalk team