1197576 – (CVE-2022-22995) VUL-0: CVE-2022-22995: netatalk: default configuration allows the arbitrary writing of files

Bug 1197576 (CVE-2022-22995) - VUL-0: CVE-2022-22995: netatalk: default configuration allows the arbitrary writing of files

Summary: VUL-0: CVE-2022-22995: netatalk: default configuration allows the arbitrary w...

Status:	RESOLVED FIXED

Alias:	CVE-2022-22995

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/327286/
Whiteboard:	CVSSv3.1:SUSE:CVE-2022-22995:7.5:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2022-03-28 08:07 UTC by Thomas Leroy
Modified:	2024-07-02 13:20 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Leroy 2022-03-28 08:07:56 UTC

CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default
configuration allows the arbitrary writing of files. By exploiting these
combination of primitives, an attacker can execute arbitrary code.

References:
https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22995
https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities

Comment 1 Thomas Leroy 2022-03-28 08:13:32 UTC

The 3.1.13 version was released on Match 22, fixing several CVEs, but I can't see this one in the list...

Comment 2 Petr Gajdos 2022-03-29 12:20:29 UTC

Given that
https://github.com/Netatalk/Netatalk/commit/64f36724c22d3e4770b1f6b7f3c2d79585142af7
are only changes that happened in 2022, either CVE-2022-22995 is fixed by one of the commit we already back ported or the fix is on the way into upstream github repo. I will ask upstream as soon as regression in bug 1197352 is resolved.

Comment 4 Petr Gajdos 2022-05-09 09:32:58 UTC

No news in upstream repo, no reply from Ralph.

Comment 15 Andreas Stieger 2023-10-06 14:17:00 UTC

Fixed in 3.1.38, reopening. 

https://netatalk.sourceforge.io/CVE-2022-22995.php
https://github.com/Netatalk/netatalk/issues/480
https://github.com/Netatalk/netatalk/pull/509
https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb
https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-1-18

Comment 16 Petr Gajdos 2023-10-12 13:15:58 UTC

Submitted against network/netatalk and 12/netatalk.

Thank you Andreas for the note.

Comment 18 Maintenance Automation 2023-10-16 12:30:10 UTC

SUSE-SU-2023:4084-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1197576
CVE References: CVE-2022-22995
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): netatalk-3.1.0-3.22.1
SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): netatalk-3.1.0-3.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Andrea Mattiazzo 2024-05-23 15:55:36 UTC

All done, closing.