Test Kennung:	1.3.6.1.4.1.25623.1.0.124500
Kategorie:	Buffer overflow
Titel:	Netatalk 3.1.x < 3.1.17 RCE Vulnerability
Zusammenfassung:	Netatalk is prone to a remote code execution (RCE); vulnerability.
Beschreibung:	Summary: Netatalk is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve remote code execution on the host. Vulnerability Impact: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. Affected Software/OS: Netatalk version 3.1.x prior to 3.1.17. Solution: Update to version 3.1.17 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-42464 Debian Security Information: DSA-5503 (Google Search) https://www.debian.org/security/2023/dsa-5503 https://netatalk.sourceforge.io/ https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html https://netatalk.sourceforge.io/CVE-2023-42464.php https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.