ID de Prueba:	1.3.6.1.4.1.25623.1.0.124500
Categoría:	Buffer overflow
Título:	Netatalk 3.1.x < 3.1.17 RCE Vulnerability
Resumen:	Netatalk is prone to a remote code execution (RCE); vulnerability.
Descripción:	Summary: Netatalk is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve remote code execution on the host. Vulnerability Impact: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. Affected Software/OS: Netatalk version 3.1.x prior to 3.1.17. Solution: Update to version 3.1.17 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-42464 Debian Security Information: DSA-5503 (Google Search) https://www.debian.org/security/2023/dsa-5503 https://netatalk.sourceforge.io/ https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html https://netatalk.sourceforge.io/CVE-2023-42464.php https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.