Vulnerability Note VU#312424

Apple AFP Client privilege escalation vulnerability

Original Release date: 19 Apr 2007 | Last revised: 23 Apr 2007

Overview

The Apple File Protocol (AFP) Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker to execute commands with elevated privileges.

Description

The Apple File Protocol service allows Apple Mac OS clients to access files remotely from a server. According to Apple Security Update 2007-004:

    Under certain circumstances, AFP Client may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges.
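
A common defense against this class of flaw is for the privileged program to build the child's environment from scratch instead of passing its own through. The code below is an added example, not code from Apple or from this note; the allow-list, the fixed PATH and IFS values, and the names build_clean_env and exec_sanitized are assumptions for illustration.

```c
#include <string.h>
#include <unistd.h>

extern char **environ;
#define CLEAN_ENV_MAX 16

/* Assumed allow-list: names the helper may inherit from its caller. */
static const char *const ALLOWED[] = { "LANG", "TZ", "TERM" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])
/* Assumed fixed values, set by the privileged program, never by the caller. */
static const char *const FIXED[] = { "PATH=/usr/bin:/bin:/usr/sbin:/sbin", "IFS= \t\n" };
#define N_FIXED (sizeof FIXED / sizeof FIXED[0])

/* True if list[0..count) holds the name formed by the first n bytes of e. */
static int has_name(const char *const list[], size_t count, const char *e, size_t n)
{
    for (size_t i = 0; i < count; i++)
        if (strncmp(list[i], e, n) == 0 && (list[i][n] == '=' || list[i][n] == '\0'))
            return 1;
    return 0;
}

/* Writes a NULL-terminated clean environment into out[] (borrowing pointers
 * from src[]); returns the entry count, or -1 if out[] is too small. */
int build_clean_env(char *const src[], const char *out[], size_t cap)
{
    size_t k = 0;
    if (cap < N_FIXED + 1) return -1;
    for (size_t i = 0; i < N_FIXED; i++) out[k++] = FIXED[i];
    for (size_t i = 0; src && src[i]; i++) {
        const char *eq = strchr(src[i], '=');
        size_t n = eq ? (size_t)(eq - src[i]) : 0;   /* 0: malformed entry */
        if (n == 0 || !has_name(ALLOWED, N_ALLOWED, src[i], n)) continue;
        if (has_name(out, k, src[i], n)) continue;   /* duplicate: keep first */
        if (k + 1 >= cap) return -1;
        out[k++] = src[i];
    }
    out[k] = NULL;
    return (int)k;
}

/* Runs a command by absolute path (no PATH search) with the clean environment. */
int exec_sanitized(const char *abs_path, char *const argv[])
{
    const char *envp[CLEAN_ENV_MAX];
    if (abs_path == NULL || abs_path[0] != '/') return -1;
    if (build_clean_env(environ, envp, CLEAN_ENV_MAX) < 0) return -1;
    execve(abs_path, argv, (char *const *)envp);
    return -1;                                       /* reached only on failure */
}
```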

Impact

A local attacker may be able to execute commands with elevated privileges.

Solution

Apply Updates from Apple
Apple has addressed this vulnerability with the updates included in Apple Security Update 2007-004.

Systems Affected

Vendor                 Status     Date Notified   Date Updated
Apple Computer, Inc.   Affected   -               19 Apr 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A

Credit

This vulnerability was reported in Apple Security Update 2007-004.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2007-0729
  • Date Public: 19 Apr 2007
  • Date First Published: 19 Apr 2007
  • Date Last Updated: 23 Apr 2007
  • Severity Metric: 1.86
  • Document Revision: 5
