netatalk.io

Netatalk Security Advisory

Subject: Arbitrary code execution in afp_getappl
CVE ID#: CVE-2022-45188
Date: 2023/03/26 (advisory published retroactively; date is approximate)
Versions: 3.0.0 - 3.1.14, 1.5.0 - 2.2.8
Summary: Heap-based buffer overflow resulting in code execution via a crafted .appl file

Description

The afp_getappl function does not properly validate user-supplied data: a specially crafted .appl file triggers a heap-based buffer overflow.

An attacker can exploit this to execute arbitrary code with root privileges, leveraging the fce_notify_script field and eventually leading to command execution.

The vulnerability is considered a Remote Code Execution (RCE) risk on FreeBSD and a Local Privilege Escalation (LPE) on other OSes.

Patch Availability

Apply the patch with git hash dfab568 to hotfix your local Netatalk deployment.

Additionally, Netatalk 3.1.15 and 2.2.9 have been released, and both contain the security patch. Netatalk administrators are advised to upgrade to one of these versions or apply the patch as soon as possible.
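To triage a fleet against the affected ranges listed above, the following added example (not Netatalk project code) parses an x.y.z version out of a banner or package string and checks it against the two inclusive ranges from this advisory. The sample banner strings are constructed for illustration and do not claim to reproduce real afpd output.

```python
import re

# Affected ranges taken from this advisory, inclusive on both ends:
# 3.0.0 - 3.1.14 and 1.5.0 - 2.2.8. The fixed releases are 3.1.15 and 2.2.9.
AFFECTED_RANGES = [((3, 0, 0), (3, 1, 14)), ((1, 5, 0), (2, 2, 8))]
FIXED_VERSIONS = [(3, 1, 15), (2, 2, 9)]


def parse_version(text):
    """Return the first dotted x.y.z version in `text` as an int tuple.

    Accepts a bare version ("3.1.14"), a package string ("netatalk-2.2.8-1")
    or a banner line; raises ValueError if no three-part version is present.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version):
    """True if `version` (string or tuple) falls inside an affected range.

    Tuple comparison is lexicographic, so (3, 1, 14) <= (3, 1, 14) but
    (3, 1, 15) > (3, 1, 14), which makes the fixed releases fall outside.
    """
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def triage(banners):
    """Map each banner string to True (affected) / False (not affected)."""
    return {banner: is_affected(banner) for banner in banners}


# Constructed sample inputs (hypothetical strings, not real afpd output).
SAMPLE_BANNERS = [
    "afpd 3.1.14 (constructed sample)",   # last affected 3.x release
    "afpd 3.1.15 (constructed sample)",   # first fixed 3.x release
    "netatalk-2.2.8-1 (constructed)",     # last affected 2.x release
    "netatalk-2.2.9-1 (constructed)",     # first fixed 2.x release
    "afpd 1.4.0 (constructed sample)",    # below the affected 1.x range
]

if __name__ == "__main__":
    for banner, affected in triage(SAMPLE_BANNERS).items():
        print(f"{'AFFECTED' if affected else 'ok      '}  {banner}")
```

Boundary versions are the ones worth double-checking by hand: 3.1.14 and 2.2.8 are the last affected releases on each branch, while 3.1.15 and 2.2.9 are the fixed ones the advisory recommends.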

CVSS Calculation

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (7.8)

Workaround

None.

Credits

Vulnerability found and reported by:

rushbnt

Patch developed by:

dgsga of the Netatalk team

References
