Critical vulnerabilities in Netatalk leading to remote code execution

In Netatalk, a server that implements the AppleTalk and Apple Filing Protocol (AFP) network protocols, six remotely exploitable vulnerabilities have been identified that allow code execution with root privileges by sending specially crafted packets. Netatalk is used by many manufacturers of storage devices (NAS) to provide file sharing and printer access from Apple computers; for example, it was used in Western Digital devices (the problem was resolved by removing Netatalk from the WD firmware). Netatalk is also included in many distributions, including OpenWRT (removed as of OpenWrt 22.03), Debian, Ubuntu, SUSE, Fedora and FreeBSD, but it is not used by default. The issues are fixed in the Netatalk 3.1.13 release.

Identified issues:

  • CVE-2022-0194 - The ad_addcomment() function does not properly check the size of external data before copying it into a fixed-size buffer. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23121 - Incorrect error handling in the parse_entries() function, which occurs when parsing AppleDouble entries. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23122 - The setfilparams() function does not correctly check the size of external data before copying it into a fixed-size buffer. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23124 - Lack of proper input validation in the get_finderinfo() method, which leads to a read from an area outside the allocated buffer. The vulnerability allows a remote attacker to leak information from memory. In combination with other vulnerabilities, the flaw can also be used to execute code with root privileges.
  • CVE-2022-23125 - A size check is missing when parsing the "len" element in the copyapplfile() function before the data is copied into a fixed-size buffer. The vulnerability allows an unauthenticated remote attacker to execute their code with root privileges.
  • CVE-2022-23123 - Missing validation of outgoing data in the getdirparams() method, which leads to a read from an area outside the allocated buffer. The vulnerability allows a remote attacker to leak information from memory.
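The two bug classes listed above (a copy into a fixed-size buffer without a size check, and a read outside the received data) come down to two missing bounds checks on an attacker-controlled length. The following is an added example, not Netatalk code: the function name, the one-byte length prefix and FIELD_MAX are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* assumed fixed destination size, not a Netatalk constant */

/* Hypothetical helper: copy one length-prefixed field ([1-byte len][len bytes])
 * from an untrusted packet into a fixed-size buffer.
 * Returns the number of bytes consumed from pkt, or -1 if the packet is malformed. */
int copy_len_field(const uint8_t *pkt, size_t pkt_len,
                   uint8_t dst[FIELD_MAX], size_t *out_len)
{
    if (pkt == NULL || dst == NULL || out_len == NULL || pkt_len < 1)
        return -1;                 /* no room for the length byte itself */

    size_t len = pkt[0];           /* length taken from the packet: untrusted */

    if (len > pkt_len - 1)
        return -1;                 /* check 1: would read past the received data */
    if (len > FIELD_MAX)
        return -1;                 /* check 2: would write past the fixed buffer */

    memcpy(dst, pkt + 1, len);     /* both bounds verified before the copy */
    *out_len = len;
    return (int)(len + 1);
}

int main(void)
{
    /* Constructed sample packets, not captured traffic. */
    const uint8_t ok[]        = { 3, 'a', 'b', 'c' };
    const uint8_t truncated[] = { 5, 'a', 'b' };      /* claims 5 bytes, carries 2 */
    uint8_t oversized[1 + 40];                        /* claims 40 bytes > FIELD_MAX */
    uint8_t dst[FIELD_MAX];
    size_t n = 0;

    oversized[0] = 40;
    memset(oversized + 1, 'A', 40);

    printf("ok:        %d\n", copy_len_field(ok, sizeof ok, dst, &n));
    printf("truncated: %d\n", copy_len_field(truncated, sizeof truncated, dst, &n));
    printf("oversized: %d\n", copy_len_field(oversized, sizeof oversized, dst, &n));
    return 0;
}
```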

Source: opennet.ru