netatalk.io

Netatalk Security Advisory

Subject: etc2ps.sh vulnerable to symlink attack
CVE ID#: CAN-2004-0974
Date: 2004/10/24 (advisory published retroactively; date is approximate)
Versions: 2.0.0, 1.0 - 1.6.4
Summary: The etc2ps.sh script allows local users to overwrite files

Description

The etc2ps.sh script delivered with all Netatalk versions prior to 2.0.1 allows local users to overwrite files via a symlink attack on temporary files.
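
The class of bug described above, shown as an added example; it is not the etc2ps.sh code or the Netatalk patch, neither of which is reproduced in this advisory. The function names, the "etc2ps." file prefix and the sandbox paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: not Netatalk's etc2ps.sh. Function names, the "etc2ps."
# file prefix and all paths below are hypothetical.

# Unsafe: predictable name (PID suffix) in a shared directory. If a symlink
# already exists at that path, `>` follows it and truncates its target.
write_unsafe() {    # $1 = temp directory, $2 = data to write
    tmp="$1/etc2ps.$$"
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing path), mode 0600.
write_safe() {      # $1 = temp directory, $2 = data to write
    tmp=$(mktemp "$1/etc2ps.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Regression check in a private sandbox: pre-create a symlink at the
# predictable path, call the writer, and report whether the link target
# was modified. Prints "clobbered" or "intact".
check_writer() {    # $1 = writer function name
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/target"
    mkdir "$sandbox/tmp"
    ln -s "$sandbox/target" "$sandbox/tmp/etc2ps.$$"
    "$1" "$sandbox/tmp" "scratch data" > /dev/null
    if [ "$(cat "$sandbox/target")" = "original" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}
```

The same check can be pointed at any local script's temp-file helper to confirm it does not write through a pre-existing link.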

Patch Availability

Apply this patch to hotfix your local Netatalk deployment.

Additionally, Netatalk 2.0.1 and 1.6.4a have been released, both of which contain the updated script. Netatalk administrators are advised to upgrade to one of these versions as soon as possible.

CVSS Calculation

N/A

Workaround

None.

Credits

Vulnerability found and reported by:

Trustix

Patch developed by:

Bjoern Fernhomberg of the Netatalk team

