This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
The product writes data past the end, or before the beginning, of the intended buffer.
| Link | Tags |
|---|---|
| https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html | release notes |
| https://www.zerodayinitiative.com/advisories/ZDI-22-530/ | third party advisory vdb entry |
| https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html | third party advisory mailing list |
| https://www.debian.org/security/2023/dsa-5503 | third party advisory vendor advisory |
| https://security.gentoo.org/glsa/202311-02 | vendor advisory third party advisory issue tracking |