Description: "A vulnerability has been reported in Netatalk, which potentially can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the papd daemon improperly sanitising several received parameters before passing them in a call to "popen()". This can be exploited to execute arbitrary commands via a specially crafted printing request. Successful exploitation requires that a printer is configured to pass arbitrary values as parameters to a piped command. The vulnerability is reported in versions prior to 2.0.4-beta2."
Bruno, feel free to cc maintainers on security bugs you forward from trusted sources (secunia, CVE).
CVE-2008-5718 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5718): "The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers to execute arbitrary commands via shell metacharacters in a print request. NOTE: some of these details are obtained from third party information."
Uh I haven't maintained this in such a long time; I guess I should get back on it?
(In reply to comment #3)
> Uh I haven't maintained this in such a long time; I guess I should get back on
> it?

Well, it's up to you Diego :P But if you don't want, then the package is orphaned and I think we should mask it, as it's vulnerable. Maybe send to the treecleaners if no one uses it anymore...
Nico Golde informed us that the patch is incomplete; a more complete patch can be found on http://people.debian.org/~nion/213_CVE-2008-5718.patch and in the CVS. Upstream plans for another beta incorporating this patch.
Created attachment 200691: netatalk-2.0.4-CVE-2008-5718.patch. Upstream has removed all variable expansion in printer names as a fix for this vulnerability. This patch is from the netatalk-2 branch and applies to the 2.0.4 release cleanly. It needs some cleaning for the 2.0.3 release though, please bump and apply.
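For readers who want to see the bug class behind the advisory (unfiltered print-request parameters expanded into a popen() command line) and why upstream's fix of dropping variable expansion closes it, here is an added illustration in C. This is not Netatalk's code: the function names, the "lpr -P" pipe prefix and the "lp; id" print-request parameter are constructed for the example. It shows the vulnerable expansion, a metacharacter check as a stopgap, and the robust alternative of running the helper without a shell so a parameter can never be parsed as commands.

```c
/* Added example (not Netatalk's own code): how a printer parameter that
 * reaches popen() unfiltered becomes command injection, and two ways to
 * close it. Function names and the "print request" are made up here. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: a configured pipe prefix such as "lpr -P" is joined
 * with an attacker-controlled parameter and the result is handed to
 * popen(), i.e. to /bin/sh -c, which honours ';', '|', '`', '$(...)'.
 * Returns the command length, or -1 if it does not fit. */
int build_print_command_unsafe(const char *prefix, const char *param,
                               char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s%s", prefix, param);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Stopgap check: refuse any parameter containing shell metacharacters.
 * Returns 1 if the string is safe to place on a shell command line. */
int param_is_shell_safe(const char *p)
{
    static const char meta[] = ";|&`$()<>\n\"'\\*?[]{}~ \t";
    for (; *p; p++)
        if (strchr(meta, *p))
            return 0;
    return 1;
}

/* Robust fix: never involve /bin/sh at all. The parameter travels to the
 * child as a single argv[] element, so "lp; id" is just a literal queue
 * name. Returns the child's exit status, or -1 on fork/wait error. */
int run_print_pipe_noshell(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);            /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed print-request parameter carrying a payload. */
    const char *printer = "lp; id";
    char cmd[256];

    if (build_print_command_unsafe("lpr -P", printer, cmd, sizeof cmd) > 0)
        printf("popen() would hand the shell: %s\n", cmd);

    printf("metacharacter check: %s\n",
           param_is_shell_safe(printer) ? "accepted" : "rejected");

    /* Safe path: the payload is one argv[] entry and is echoed verbatim. */
    char *argv[] = { "echo", "-P", (char *)printer, NULL };
    return run_print_pipe_noshell(argv) == 0 ? 0 : 1;
}
```

The metacharacter check is listed second for a reason: a denylist is easy to get wrong across locales and shells, whereas the execvp() path removes the shell from the picture entirely, which is also the effect of upstream removing variable expansion from printer names.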
netatalk-2.0.5 is in the tree
Arches, please test and mark stable: =net-fs/netatalk-2.0.5-r1 Target keywords: "amd64 arm ppc ppc64 sh sparc x86"
x86 stable
amd64/arm stable
ppc64 done
Marked ppc stable.
sh/sparc stable
all arches are done ... ready for glsa
GLSA Vote: no.
Closing noglsa with two No votes.