Vulnerability Note VU#312424
Apple AFP Client privilege escalation vulnerability
The Apple File Protocol (AFP) Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker execute commands with elevated privileges.
The Apple File Protocol service allows Apple Mac OS clients to access files remotely from a server. According to Apple Security Update 2007-004:
Under certain circumstances, AFP Client may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system
A local attacker may be able to execute commands with elevated privileges.
Apply Updates from Apple
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||19 Apr 2007|
CVSS Metrics (Learn More)
This vulnerability was reported in Apple Security Update 2007-004.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2007-0729
- Date Public: 19 Apr 2007
- Date First Published: 19 Apr 2007
- Date Last Updated: 23 Apr 2007
- Severity Metric: 1.86
- Document Revision: 5
If you have feedback, comments, or additional information about this vulnerability, please send us email.