CVE-2023-42464

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: Sep 20, 2023 / Updated: 14mo ago

CVSS 9.8 / EPSS 0.19% / Critical

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-42464. See article

Sep 18, 2023 at 7:14 AM / www.cybersecurity-help.cz

CVE Assignment

NVD published the first details for CVE-2023-42464

Sep 20, 2023 at 3:15 PM

EPSS

EPSS Score was set to: 0.19% (Percentile: 56.4%)

Sep 23, 2023 at 7:42 PM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (200000)

Dec 12, 2023 at 6:15 PM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (186773)

Dec 12, 2023 at 6:15 PM

Affected Systems

Debian/debian_linux

Patches

github.com

References

Critical Vulnerabilities in Netatalk AFP Server
Security researchers have discovered multiple vulnerabilities in the Netatalk implementation of the Apple Filing Protocol (AFP) in Debian Linux. These include buffer overflow, out-of-bounds read, and other memory corruption issues that could allow remote attackers to execute arbitrary code or disclose sensitive information. The vulnerabilities affect Netatalk versions before 3.1.12~ds-8+deb11u1. The Debian bug tracking system and Mitre’s CVE dictionary track this under the identifiers CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634, CVE-2022-45188, and CVE-2023-42464. Impact: These vulnerabilities could allow remote attackers to take control of Netatalk servers or access sensitive data by sending crafted requests. Successfully exploiting them may lead to infrastructure compromise, information disclosure, and further penetration into internal networks. Recommendation: Organizations using the oldstable distribution (bullseye) of Debian should immediately apply the security update provided in version 3.1.12~ds-8+deb11u1.

News

Episode 216
For the final episode of 2023 we discuss challenges in creating PoCs for vulns in tar and the looming EOL for Ubuntu 23.04, plus we look into security updates for curl, BlueZ, Netatalk, GNOME Settings and a heap more. When processing the archive, tar would allocate space for these on the stack - BUT the stack is limited to a maximum size of 8MB normally - so if one can specify an xattr name of more than 8MB, it can overflow the entire stack memory region - then into guard pages or even beyond, triggering a segfault or at worst a heap corruption and hence possible RCE -> but in Ubuntu we have enabled stack clash protection since 19.10 - which turns this into a DoS only
Ubuntu Security Notice USN-6552-1
Ubuntu Security Notice 6552-1 - Florent Saudel and Arnaud Gatignol discovered that Netatalk incorrectly handled certain specially crafted Spotlight requests. A remote attacker could possibly use this issue to cause heap corruption and execute arbitrary code.
PostfixAdmin, Ghostscript, Netatalk, and more updates for Ubuntu
A remote attacker could possibly use this issue to cause Ghostscript to in the Linux kernel, leading to a use after free vulnerability.
Security: Execution of arbitrary commands in Netatalk (Ubuntu)
A security issue affects these releases of Ubuntu and its derivatives.
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Netatalk vulnerability (USN-6552-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6552-1 advisory. - A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
