ID

VAR-202105-1166


CVE

CVE-2021-31439


TITLE

Synology DiskStation Manager Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007199

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

Synology DiskStation Manager is vulnerable to a heap-based buffer overflow. Zero Day Initiative assigned ZDI-CAN-12326 to this vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Synology DiskStation DS418play is a network device of China Synology Corporation. It provides a storage function.

==========================================================================
Ubuntu Security Notice USN-6146-1
June 08, 2023

netatalk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Netatalk.

Software Description:
- netatalk: Apple Filing Protocol service

Details:

It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0194)

It was discovered that Netatalk did not properly handle errors when parsing AppleDouble entries. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43634)

It was discovered that Netatalk did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted .appl file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-45188)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  netatalk 3.1.13~ds-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  netatalk 3.1.12~ds-9ubuntu0.22.04.1

Ubuntu 20.04 LTS:
  netatalk 3.1.12~ds-4ubuntu0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  netatalk 2.2.6-1ubuntu0.18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  netatalk 2.2.5-1ubuntu0.2+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  netatalk 2.2.2-1ubuntu2.2+esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6146-1
  CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634, CVE-2022-45188

Package Information:
  https://launchpad.net/ubuntu/+source/netatalk/3.1.13~ds-2ubuntu0.22.10.1
  https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.1
  https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202311-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Netatalk: Multiple Vulnerabilities including root remote code execution
Date: November 01, 2023
Bugs: #837623, #881259, #915354
ID: 202311-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution

Background
==========

Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh.

Affected packages
=================

Package          Vulnerable    Unaffected
---------------  ------------  ------------
net-fs/netatalk  < 3.1.18      >= 3.1.18

Description
===========

Multiple vulnerabilities have been discovered in Netatalk. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Netatalk users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-fs/netatalk-3.1.18"

References
==========

[ 1 ] CVE-2021-31439
      https://nvd.nist.gov/vuln/detail/CVE-2021-31439
[ 2 ] CVE-2022-0194
      https://nvd.nist.gov/vuln/detail/CVE-2022-0194
[ 3 ] CVE-2022-22995
      https://nvd.nist.gov/vuln/detail/CVE-2022-22995
[ 4 ] CVE-2022-23121
      https://nvd.nist.gov/vuln/detail/CVE-2022-23121
[ 5 ] CVE-2022-23122
      https://nvd.nist.gov/vuln/detail/CVE-2022-23122
[ 6 ] CVE-2022-23123
      https://nvd.nist.gov/vuln/detail/CVE-2022-23123
[ 7 ] CVE-2022-23124
      https://nvd.nist.gov/vuln/detail/CVE-2022-23124
[ 8 ] CVE-2022-23125
      https://nvd.nist.gov/vuln/detail/CVE-2022-23125
[ 9 ] CVE-2022-45188
      https://nvd.nist.gov/vuln/detail/CVE-2022-45188

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202311-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

For the oldstable distribution (bullseye), these problems have been fixed in version 3.1.12~ds-8+deb11u1. We recommend that you upgrade your netatalk packages.
For the detailed security status of netatalk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netatalk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org

Trust: 3.24

sources: NVD: CVE-2021-31439 // JVNDB: JVNDB-2021-007199 // ZDI: ZDI-21-492 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-391194 // VULMON: CVE-2021-31439 // PACKETSTORM: 172803 // PACKETSTORM: 175637 // PACKETSTORM: 174801

AFFECTED PRODUCTS

vendor: synology, model: diskstation manager, scope: -, version: -

Trust: 1.5

vendor: synology, model: diskstation manager, scope: lt, version: 6.2.3-25426-3

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: netatalk, model: netatalk, scope: lt, version: 3.1.13

Trust: 1.0

vendor: synology, model: diskstation manager, scope: gte, version: 6.2

Trust: 1.0

vendor: synology, model: diskstation manager, scope: eq, version: -

Trust: 0.8

sources: ZDI: ZDI-21-492 // JVNDB: JVNDB-2021-007199 // NVD: CVE-2021-31439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31439
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-31439
value: HIGH

Trust: 1.0

NVD: CVE-2021-31439
value: HIGH

Trust: 0.8

ZDI: CVE-2021-31439
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2219
value: HIGH

Trust: 0.6

VULHUB: VHN-391194
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-31439
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-31439
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-391194
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

zdi-disclosures@trendmicro.com: CVE-2021-31439
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-31439
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-31439
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-492 // VULHUB: VHN-391194 // VULMON: CVE-2021-31439 // JVNDB: JVNDB-2021-007199 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2219 // NVD: CVE-2021-31439 // NVD: CVE-2021-31439

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.1

problemtype:CWE-787

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-391194 // JVNDB: JVNDB-2021-007199 // NVD: CVE-2021-31439

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-2219

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2219

PATCH

title: Synology-SA-20, url: https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26

Trust: 1.5

title: Synology DiskStation DSplay Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=151551

Trust: 0.6

title: Debian Security Advisories: DSA-5503-1 netatalk -- security update, url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=a240e1ca8e9fa1cbfa021929dfc6ac17

Trust: 0.1

sources: ZDI: ZDI-21-492 // VULMON: CVE-2021-31439 // JVNDB: JVNDB-2021-007199 // CNNVD: CNNVD-202104-2219

EXTERNAL IDS

db: NVD, id: CVE-2021-31439

Trust: 4.4

db: ZDI, id: ZDI-21-492

Trust: 3.3

db: JVNDB, id: JVNDB-2021-007199

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-12326

Trust: 0.7

db: CNNVD, id: CNNVD-202104-2219

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021050308

Trust: 0.6

db: CS-HELP, id: SB2022042579

Trust: 0.6

db: AUSCERT, id: ESB-2023.3300

Trust: 0.6

db: AUSCERT, id: ESB-2023.2863

Trust: 0.6

db: VULHUB, id: VHN-391194

Trust: 0.1

db: VULMON, id: CVE-2021-31439

Trust: 0.1

db: PACKETSTORM, id: 172803

Trust: 0.1

db: PACKETSTORM, id: 175637

Trust: 0.1

db: PACKETSTORM, id: 174801

Trust: 0.1

sources: ZDI: ZDI-21-492 // VULHUB: VHN-391194 // VULMON: CVE-2021-31439 // JVNDB: JVNDB-2021-007199 // PACKETSTORM: 172803 // PACKETSTORM: 175637 // PACKETSTORM: 174801 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2219 // NVD: CVE-2021-31439

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-492/

Trust: 3.3

url:https://www.synology.com/zh-hk/security/advisory/synology_sa_20_26

Trust: 2.5

url:https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html

Trust: 1.7

url:https://www.debian.org/security/2023/dsa-5503

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31439

Trust: 1.1

url:https://security.gentoo.org/glsa/202311-02

Trust: 1.1

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/netatalk-buffer-overflow-via-dsi-stream-receive-38073

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2863

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050308

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042579

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3300

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-0194

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23124

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23122

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23123

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-45188

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23121

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23125

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-43634

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/122.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/netatalk/3.1.13~ds-2ubuntu0.22.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6146-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22995

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-42464

Trust: 0.1

url:https://security-tracker.debian.org/tracker/netatalk

Trust: 0.1

sources: ZDI: ZDI-21-492 // VULHUB: VHN-391194 // VULMON: CVE-2021-31439 // JVNDB: JVNDB-2021-007199 // PACKETSTORM: 172803 // PACKETSTORM: 175637 // PACKETSTORM: 174801 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2219 // NVD: CVE-2021-31439

CREDITS

Angelboy(@scwuaptx) from DEVCORE Security Team

Trust: 0.7

sources: ZDI: ZDI-21-492

SOURCES

db: ZDI, id: ZDI-21-492
db: VULHUB, id: VHN-391194
db: VULMON, id: CVE-2021-31439
db: JVNDB, id: JVNDB-2021-007199
db: PACKETSTORM, id: 172803
db: PACKETSTORM, id: 175637
db: PACKETSTORM, id: 174801
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202104-2219
db: NVD, id: CVE-2021-31439

LAST UPDATE DATE

2024-08-14T12:41:10.217000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-492, date: 2021-05-24T00:00:00
db: VULHUB, id: VHN-391194, date: 2021-05-27T00:00:00
db: VULMON, id: CVE-2021-31439, date: 2023-09-21T00:00:00
db: JVNDB, id: JVNDB-2021-007199, date: 2022-02-03T09:04:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202104-2219, date: 2023-06-12T00:00:00
db: NVD, id: CVE-2021-31439, date: 2023-11-22T20:34:05.293

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-492, date: 2021-04-29T00:00:00
db: VULHUB, id: VHN-391194, date: 2021-05-21T00:00:00
db: VULMON, id: CVE-2021-31439, date: 2021-05-21T00:00:00
db: JVNDB, id: JVNDB-2021-007199, date: 2022-02-03T00:00:00
db: PACKETSTORM, id: 172803, date: 2023-06-08T15:06:14
db: PACKETSTORM, id: 175637, date: 2023-11-13T21:46:53
db: PACKETSTORM, id: 174801, date: 2023-09-21T16:23:34
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202104-2219, date: 2021-04-29T00:00:00
db: NVD, id: CVE-2021-31439, date: 2021-05-21T15:15:07.707