See https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities. "The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code."
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ed8f4f1c1a5662225e5c333670266ab038348ac

commit 4ed8f4f1c1a5662225e5c333670266ab038348ac
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-10-08 05:31:15 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-10-08 05:31:15 +0000

    net-fs/netatalk: add 3.1.18

    Bug: https://bugs.gentoo.org/915354
    Closes: https://bugs.gentoo.org/915211
    Closes: https://bugs.gentoo.org/915212
    Signed-off-by: Sam James <sam@gentoo.org>

 net-fs/netatalk/Manifest | 1 +
 net-fs/netatalk/netatalk-3.1.18.ebuild | 172 +++++++++++++++++++++++++++++++++
 2 files changed, 173 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=c9c5667418b482993cc73092e63caaffa8554c8f

commit c9c5667418b482993cc73092e63caaffa8554c8f
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-01 14:46:24 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-01 14:46:58 +0000

    [ GLSA 202311-02 ] Netatalk: Multiple Vulnerabilities including root remote code execution

    Bug: https://bugs.gentoo.org/837623
    Bug: https://bugs.gentoo.org/881259
    Bug: https://bugs.gentoo.org/915354
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-02.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)