
Bug 915354 (CVE-2022-22995)

Summary: <net-fs/netatalk-3.1.18: Remote code execution
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: blocker
CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=881259
Whiteboard: B0 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 915632    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-08 05:21:07 UTC
See https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities.

"The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code."
Comment 1 Larry the Git Cow gentoo-dev 2023-10-08 05:33:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ed8f4f1c1a5662225e5c333670266ab038348ac

commit 4ed8f4f1c1a5662225e5c333670266ab038348ac
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-10-08 05:31:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-08 05:31:15 +0000

    net-fs/netatalk: add 3.1.18
    
    Bug: https://bugs.gentoo.org/915354
    Closes: https://bugs.gentoo.org/915211
    Closes: https://bugs.gentoo.org/915212
    Signed-off-by: Sam James <sam@gentoo.org>

 net-fs/netatalk/Manifest               |   1 +
 net-fs/netatalk/netatalk-3.1.18.ebuild | 172 +++++++++++++++++++++++++++++++++
 2 files changed, 173 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-11-01 14:47:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c9c5667418b482993cc73092e63caaffa8554c8f

commit c9c5667418b482993cc73092e63caaffa8554c8f
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-01 14:46:24 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-01 14:46:58 +0000

    [ GLSA 202311-02 ] Netatalk: Multiple Vulnerabilities including root remote code execution
    
    Bug: https://bugs.gentoo.org/837623
    Bug: https://bugs.gentoo.org/881259
    Bug: https://bugs.gentoo.org/915354
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-02.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)