[Pkg-netatalk-devel] Bug#1053545: CVE-2022-22995: netatalk afpd vulnerable to symlink spoofing
Daniel Markstedt
daniel at mindani.net
Thu Oct 5 23:49:37 BST 2023
Package: netatalk
Version: 3.1.12~ds-3
Severity: critical
Tags: security
Justification: root security hole
X-Debbugs-Cc: pkg-netatalk-devel at alioth-lists.debian.net, Debian Security Team <team at security.debian.org>
Under very specific circumstances, netatalk can be tricked into copying a symlink or other malicious file from the shared volume into a restricted place in the file system, potentially achieving remote code execution. All versions of netatalk from 3.1.0 to 3.1.17 are vulnerable.
The CVE-2022-22995 advisory was published over a year ago, but the details of the exploit weren't disclosed at the time:
https://nvd.nist.gov/vuln/detail/cve-2022-22995
It was only recently that we in the upstream team were able to get in touch with the original security researchers to gain enough insight to formulate a patch and publish our own security advisory:
https://netatalk.sourceforge.io/CVE-2022-22995.php