![]() The specific flaw exists within the getdirparams method. Authentication is not required to exploit this vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk.An attacker can leverage this vulnerability to execute code in the context of root. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. The specific flaw exists within the copyapplfile function. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk.The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. The specific flaw exists within the setfilparams function. The issue results from the lack of proper error handling when parsing AppleDouble entries. The specific flaw exists within the parse_entries function. The specific flaw exists within the ad_addcomment function. ![]() In environments where AFP is still needed, setting up firewall rules to only allow trusted clients to connect over AFP (port 548) can be used as temporary mitigation. We recommend using SMB protocol instead when connecting from macOS.įor Synology systems not yet upgraded to DSM 7.1-42661-1 or newer, administrators can disable "AFP service" to mitigate this specific vulnerability. This service has been disabled by default since DSM 7.0. Netatalk provides file access through AFP (Apple Filing Protocol) on DSM. Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).
0 Comments
Leave a Reply. |