Showing 1 - 3 of 3

CVE-2022-23121

Status Candidate

Overview

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.

Related Files

Gentoo Linux Security Advisory 202311-02: Posted Nov 13, 2023; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202311-2 - Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Versions greater than or equal to 3.1.18 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2021-31439, CVE-2022-0194, CVE-2022-22995, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-45188; SHA-256 | 3687fbcff94cb1bbeaceabbe41b00d5ee9b888089068ad7eb0a75654d3861d85; Download | Favorite | View

Debian Security Advisory 5503-1: Posted Sep 21, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5503-1 - Multiple security issues were discovered in Netatalk, an implementation of the Apple Filing Protocol (AFP) for offering file service (mainly) to macOS clients, which may result in the execution of arbitrary code or information disclosure.; tags | advisory, arbitrary, protocol, info disclosure; systems | linux, debian, apple; advisories | CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634, CVE-2022-45188, CVE-2023-42464; SHA-256 | 3ad19cdf2f3e4a2e4515cadb2985e91ea06909ebbd3aa9ef44bfbdc77aef9dab; Download | Favorite | View

Ubuntu Security Notice USN-6146-1: Posted Jun 8, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6146-1 - It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.; tags | advisory, remote, arbitrary, root; systems | linux, ubuntu; advisories | CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634, CVE-2022-45188; SHA-256 | 0a3668c0e69cd8ae683363baf9ba82938a5c5b1456134e2145fda35db4ca4ee9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Ubuntu 64 files
Gentoo 33 files
Debian 27 files
Jay Turla 21 files
Kris Katterjohn 9 files
Sebastian Hamann 8 files
Jann Horn 7 files
Moritz Abrell 6 files

File Archives

Systems

AIX (429)
Apple (2,100)
BSD (377)
CentOS (58)
Cisco (1,929)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (381)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,946)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,612)
SUSE (1,444)
Ubuntu (9,784)
UNIX (9,443)
UnixWare (187)
Windows (6,691)
Other

CVE-2022-23121

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems