|
|
|
 |
Vulnerability Note VU#180692Apple Mac OS X AFP server vulnerable to DoS via maliciously-crafted AFP requestOverviewA vulnerability in the Apple Mac OS X AFP server may allow an attacker to cause a denial-of-service condition on an affected system.I. DescriptionThe AFP (Apple Filing Protocol) service allows Apple Mac OS clients to access files remotely from a server. Apple's Mac OS X AFP server contains an unchecked error condition. When file sharing is enabled, a remote attacker can exploit this vulnerability by sending a specially crafted invalid AFP request. This crafted AFP request may cause the service to crash, resulting in a denial-of-service condition. Apple states that any Mac OS X system with AFP server enabled is vulnerable; however, AFP server is not enabled by default on Apple Mac OS X.II. ImpactWhen file sharing is enabled, a maliciously crafted AFP request may cause the AFP server to crash, resulting in a denial-of-service condition.III. SolutionApply an updateApple has addressed this issue in Security Update 2006-004.
Referenceshttp://docs.info.apple.com/article.html?artnum=304063 Thanks to Apple Product Security for reporting this vulnerability. This document was written by Katie Washok.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||