ubuntucve | Ubuntu.com | UB:CVE-2023-42464
Sep 16, 2023 - 12:00 a.m.

CVE-2023-42464

netatalk
type confusion
remote code execution
spotlight rpc
security vulnerability

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.215
Percentile: 96.5%

A Type Confusion vulnerability was found in the Spotlight RPC functions in
afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets,
one encoded data structure is a key-value style dictionary where the keys
are character strings, and the values can be any of the supported types in
the underlying protocol. Due to a lack of type checking in callers of the
dalloc_value_for_key() function, which returns the object associated with a
key, a malicious actor may be able to fully control the value of the
pointer and theoretically achieve Remote Code Execution on the host. This
issue is similar to CVE-2023-34967.
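
The missing check described above, as an added example (not netatalk's code and not the actual patch): a simplified tagged dictionary whose lookup takes the type the caller expects and rejects a mismatch. All type, function and key names are hypothetical, and both sample dictionaries are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (all names hypothetical): each decoded dictionary value
 * keeps the type tag the decoder assigned to it. */
typedef enum { T_INT64, T_STRING } val_type;

typedef struct {
    const char *key;
    val_type type;
    union { int64_t i64; const char *str; } u;
} dict_entry;

/* Constructed sample dictionaries: same key, different value types. */
const dict_entry good_dict[] = { { "query", T_STRING, { .str = "*" } } };
const dict_entry bad_dict[]  = { { "query", T_INT64,  { .i64 = 0x4141414141414141 } } };

/* Type-checked lookup: the caller states the type it will use the value as,
 * and a key whose stored tag differs is treated as a malformed request. */
static const dict_entry *value_for_key(const dict_entry *d, size_t n,
                                       const char *key, val_type want)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(d[i].key, key) == 0)
            return d[i].type == want ? &d[i] : NULL;
    return NULL;
}

/* Returns 0 and sets *out on success, -1 if the key is missing or mistyped.
 * Without the tag check, u.str would alias the peer-chosen integer. */
int get_query_string(const dict_entry *d, size_t n, const char **out)
{
    const dict_entry *e = value_for_key(d, n, "query", T_STRING);
    if (e == NULL)
        return -1;
    *out = e->u.str;
    return 0;
}

int main(void)
{
    const char *s = NULL;
    printf("good: %d\n", get_query_string(good_dict, 1, &s));
    printf("bad:  %d\n", get_query_string(bad_dict, 1, &s));
    return 0;
}
```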

Notes

Author: sbeattie
Note: 2.x versions and older do not support the spotlight protocol, support introduced in 3.1.0
code affected shares origin with samba’s mdssvc.c; this issue is the netatalk version of the samba CVE-2023-34967
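
| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | netatalk | < 3.1.12~ds-4ubuntu0.20.04.3 | UNKNOWN |
| ubuntu | 22.04 | noarch | netatalk | < 3.1.12~ds-9ubuntu0.22.04.3 | UNKNOWN |
| ubuntu | 23.04 | noarch | netatalk | < 3.1.14~ds-1ubuntu0.1 | UNKNOWN |
| ubuntu | 24.04 | noarch | netatalk | < any | UNKNOWN |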
