netatalk.io

Netatalk Security Advisory

Subject: etc2ps.sh vulnerable to symlink attack
CVE ID: CAN-2004-0974
Date of Publishing: 2004/10/24 (advisory published retroactively; date is approximate)
Affected Netatalk Versions: 2.0.0 - 1.6.4
Summary: The etc2ps.sh script allows local users to overwrite files

Description

The etc2ps.sh script delivered with all Netatalk versions prior to 2.0.1 allows local users to overwrite files via a symlink attack on temporary files.
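The bug class described above, as an added example (not code from etc2ps.sh or the Netatalk project, whose script this advisory does not reproduce): a predictable temporary file name beside two hardened forms, checked inside a private sandbox directory. The function names, the `convert.tmp` file name and the sandbox contents are constructed for illustration.

```shell
#!/bin/sh
# Added illustration of the bug class; not code from etc2ps.sh.
# File names and sandbox contents are constructed.

# Pattern behind this class of bug: a fixed, guessable name in a directory
# that other local users can write to. ">" follows a link already at that name.
write_predictable() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/convert.tmp"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively (O_EXCL, mode 0600), so a pre-existing link is never reused.
write_with_mktemp() {            # prints the path it created
    tmp=$(mktemp "$1/convert.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Fallback when the name must stay fixed: set -C (noclobber) makes ">" fail
# rather than overwrite an existing regular file, also when it is reached
# through a symlink.
write_noclobber() {
    ( set -C; printf '%s\n' "$2" > "$1/convert.tmp" ) 2>/dev/null
}

# Self-check inside a private directory; nothing outside it is touched.
demo() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/victim"          # stands in for a file worth protecting
    ln -s "$box/victim" "$box/convert.tmp"       # link present before the script runs
    if write_noclobber "$box" data; then r1=overwrote; else r1=refused; fi
    write_with_mktemp "$box" data > /dev/null
    r2=$(cat "$box/victim")                      # still "original"
    write_predictable "$box" data
    r3=$(cat "$box/victim")                      # now "data"
    rm -rf "$box"
    printf '%s %s %s\n' "$r1" "$r2" "$r3"
}
```

Calling `demo` prints `refused original data`: the noclobber write is refused, the mktemp write leaves the linked file intact, and only the predictable-name write changes it.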

Patch Availability

No patch available (CVS branch has been lost).

Netatalk 2.0.1 and 1.6.4a have been released, both containing the updated script. Netatalk administrators are advised to upgrade to one of these versions as soon as possible.

CVSS Calculation

N/A

Workaround

None.

Credits

Vulnerability found and reported by: Trustix
Patch developed by: Bjoern Fernhomberg of the Netatalk team
