ProHoster > Блог > labaran intanet > Mummunan lahani a cikin Netatalk yana haifar da aiwatar da lambar nesa

Mummunan lahani a cikin Netatalk yana haifar da aiwatar da lambar nesa

A cikin Netatalk, uwar garken da ke aiwatar da ka'idojin hanyar sadarwa na AppleTalk da Apple Filing Protocol (AFP), an gano lahani guda shida masu amfani da nesa waɗanda ke ba ku damar tsara aiwatar da lambar ku tare da haƙƙin tushen ta hanyar aika fakiti na musamman. Ana amfani da Netatalk da yawancin masana'antun na'urorin ajiya (NAS) don samar da raba fayil da samun dama ga masu bugawa daga kwamfutocin Apple, alal misali, an yi amfani da shi a cikin na'urorin Western Digital (an warware matsalar ta hanyar cire Netatalk daga WD firmware). Ana kuma haɗa Netatalk a cikin rabawa da yawa, gami da OpenWRT (an cire kamar na OpenWrt 22.03), Debian, Ubuntu, SUSE, Fedora da FreeBSD, amma ba a amfani da su ta tsohuwa. An warware batutuwan a cikin sakin Netatalk 3.1.13.

Abubuwan da aka gano:

  • CVE-2022-0194 - Ayyukan ad_addcomment() baya duba girman bayanan waje da kyau kafin a kwafa shi zuwa madaidaicin buffer. Rashin lahani yana ba wa maharin nesa ba tare da tantancewa ba don aiwatar da lambar su tare da tushen gata.
  • CVE-2022-23121 - Kuskuren da ba daidai ba a cikin aikin parse_entries() wanda ke faruwa lokacin da ake tantance shigarwar AppleDouble. Rashin lahani yana ba wa maharin nesa ba tare da tantancewa ba don aiwatar da lambar su tare da tushen gata.
  • CVE-2022-23122 - Ayyukan setfilparams () baya bincika girman bayanan waje daidai kafin kwafa shi zuwa madaidaicin buffer. Rashin lahani yana ba wa maharin nesa ba tare da tantancewa ba don aiwatar da lambar su tare da tushen gata.
  • CVE-2022-23124 Rashin ingantaccen ingantaccen shigarwar shigarwa a cikin hanyar get_finderinfo(), yana haifar da karantawa daga wani yanki a waje da abin da aka keɓe. Rashin lahani yana ba da damar maharin nesa mara inganci don ɗiba bayanai daga ƙwaƙwalwar aiki. Lokacin da aka haɗa tare da wasu lahani, za a iya amfani da aibi don aiwatar da lamba tare da tushen gata.
  • CVE-2022-23125 Akwai binciken girman da ya ɓace lokacin da ake tantance abubuwan "len" a cikin aikin kwafi () kafin kwafin bayanai zuwa ƙayyadadden buffer. Rashin lahani yana ba wa maharin nesa ba da tabbaci ba don aiwatar da lambar su tare da tushen gata.
  • CVE-2022-23123 - Rashin ingantaccen waje a cikin hanyar getdirparams(), yana haifar da karantawa daga wani yanki a waje da abin da aka keɓe. Rashin lahani yana ba da damar maharin nesa mara inganci don fitar da bayanai daga ƙwaƙwalwar aiki.

source: budenet.ru

Add a comment