cve@mitre.org reports:
This entry documents the following three vulnerabilities:
- Netatalk before 3.2.1 has an off-by-one error and resultant heap-based
buffer overflow because of setting ibuf[len] to '\0' in
FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19
are also fixed versions.
- Netatalk before 3.2.1 has an off-by-one error, and resultant
heap-based buffer overflow and segmentation violation, because of
incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c.
The original issue 1097 report stated: 'The latest version of
Netatalk (v3.2.0) contains a security vulnerability. This vulnerability
arises due to a lack of validation for the length field after parsing
user-provided data, leading to an out-of-bounds heap write of one
byte (\0). Under specific configurations, this can result in reading
metadata of the next heap block, potentially causing a Denial of
Service (DoS) under certain heap layouts or with ASAN enabled. ...
- Netatalk before 3.2.1 has an off-by-one error and resultant heap-based
buffer overflow because of setting ibuf[PASSWDLEN] to '\0'
in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19
are also fixed versions.