A recently discovered vulnerability, CVE-2022-23124, has been identified in Netatalk, an open-source implementation of the Apple Filing Protocol (AFP) for UNIX systems. It allows remote attackers to disclose sensitive information on affected installations without any authentication. The flaw resides in the get_finderinfo() method and is caused by a lack of proper validation of user-supplied data. An attacker can exploit it to read past the end of an allocated buffer and potentially execute arbitrary code in the context of root. This post details the vulnerability, provides code snippets, and links to the original references.
Exploit Details
The vulnerability specifically affects the get_finderinfo() method in Netatalk's source code. The root cause is inadequate validation of user-supplied data, which can result in a read past the end of the allocated buffer. By exploiting this, an attacker can potentially execute arbitrary code in the context of root. The vulnerability was initially reported as ZDI-CAN-15870 and has since been assigned the CVE identifier CVE-2022-23124.
Here's a code snippet that demonstrates the vulnerability:
static int get_finderinfo(const AFPObj *obj, struct path *path)
{
    ...
    /* No check that path->st_finfo actually holds sizeof(path->st_finfo)
     * valid bytes before the copy is performed. */
    memcpy(finderinfo, path->st_finfo, sizeof(path->st_finfo));
    ...
}
As shown in this snippet, a memcpy() call copies the contents of the path->st_finfo buffer into the finderinfo buffer. The problem is that the length of the path->st_finfo data is never validated before the copy, so the read can run past the end of the allocated buffer.
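As an added example (not Netatalk's own code), this is the bounded copy a defender would want in place of the unchecked memcpy() above. It assumes a 32-byte FinderInfo field and uses a hypothetical finfo_source struct standing in for path->st_finfo, carrying both the received bytes and how many of them are actually valid.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FINDERINFO_LEN 32   /* AFP FinderInfo field size (assumed here) */
/* Hypothetical stand-in for the st_finfo data attached to a struct path:
 * the bytes received from the client and how many of them are valid. */
struct finfo_source {
    const uint8_t *data;
    size_t len;
};

/* Bounded replacement for the unchecked memcpy(): copy only when the
 * requested length fits both the destination and the source.
 * Returns 0 on success, -1 if the copy would leave either buffer. */
int get_finderinfo_checked(uint8_t dst[FINDERINFO_LEN],
                           const struct finfo_source *src, size_t requested)
{
    if (src == NULL || src->data == NULL)
        return -1;
    if (requested > FINDERINFO_LEN)    /* would overflow dst */
        return -1;
    if (requested > src->len)          /* would read past the end of src */
        return -1;
    memset(dst, 0, FINDERINFO_LEN);    /* no stale bytes left in dst */
    memcpy(dst, src->data, requested);
    return 0;
}

/* Harness: constructs a source holding `available` valid bytes
 * (0x41, 0x42, ...) and requests `requested` of them.
 * Returns the copy status, or -2 if the copied bytes are wrong. */
int check_case(size_t available, size_t requested)
{
    uint8_t raw[64], dst[FINDERINFO_LEN];
    size_t i;
    if (available > sizeof raw)
        return -1;
    for (i = 0; i < available; i++)
        raw[i] = (uint8_t)(0x41 + i);
    struct finfo_source src = { raw, available };
    int rc = get_finderinfo_checked(dst, &src, requested);
    if (rc != 0)
        return rc;
    for (i = 0; i < requested; i++)
        if (dst[i] != raw[i])
            return -2;
    return 0;
}
```

A truncated record (fewer valid bytes than requested) is refused instead of being read past its end, which is the failure the unchecked copy permits.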
To learn more about the vulnerability, please refer to the following references:
1. Official CVE description: https://nvd.nist.gov/vuln/detail/CVE-2022-23124
2. ZDI-CAN-15870: https://www.zerodayinitiative.com/advisories/ZDI-CAN-15870/
Mitigation and Recommendations
As of now, there is no official patch available for the vulnerability. However, users are recommended to implement proper input validation in the affected code, specifically in the get_finderinfo() method, so that the copy is bounded by the data actually available.
Always ensure that your Netatalk installations are up to date, and watch for any updates that address this vulnerability.
Conclusion
CVE-2022-23124 is a critical vulnerability in the widely used Netatalk software that can allow remote attackers to disclose sensitive information without authentication. This post has provided details about the vulnerability, a code snippet illustrating the issue, and links to the original references. System administrators should monitor the situation and take appropriate measures to secure their systems, including applying any available patches as soon as possible.
Timeline
Published on: 03/28/2023 19:15:00 UTC
Last modified on: 05/17/2023 01:15:00 UTC