Netatalk Security Advisory
| Subject | Heap out-of-bounds write in uams_dhx_pam.c |
|---|---|
| CVE ID# | CVE-2024-38440 |
| Date | 2024/06/28 |
| Versions | 3.2.0, 3.0.0 - 3.1.18, 1.5.0 - 2.4.0 |
| Summary | Lack of user input validation can lead to an out-of-bounds heap write |
Description
This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled.
The vulnerable code paths are thought to have been added in the version 1.5.0 release cycle of Netatalk.
Patch Availability
Apply the patch with git hash 77b5d99 to hotfix your local Netatalk deployment.
Additionally, Netatalk 2.4.1, 3.1.19, and 3.2.1 have been released which include the security patch. Netatalk administrators are advised to upgrade to this version or apply the patch as soon as possible.
CVSS Calculation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (7.3)
Workaround
Disable the uams_dhx.so authentication module in your afp.conf file.
Credits
Vulnerability found and reported by:
flysoar
Patch developed by:
Daniel Markstedt of the Netatalk team
Go back to the Security Policy.
