Vulnerability Note VU#648406
Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests
There is a buffer overflow vulnerability in the way Apple's AppleFileServer handles certain authentication requests. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code.
The AppleFileServer provides Apple Filing Protocol (AFP) services for clients and servers. This protocol allows users to share files over the network. By default, the AFP service is not enabled. There is a buffer overflow vulnerability in the way the AppleFileServer handles certain authentication requests. By supplying a specially crafted PathName argument during authentication, an unauthenticated, remote attacker could execute arbitrary code.
According to the @stake advisory:
An unauthenticated, remote attacker could execute arbitrary code.
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Apple Computer Inc.|Affected|-|07 May 2004|
This vulnerability was reported by Dave G. of @stake.
This document was written by Damon Morda based on information in the @stake advisory.
- CVE IDs: CAN-2004-0430
- Date Public: 03 May 2004
- Date First Published: 07 May 2004
- Date Last Updated: 07 May 2004
- Severity Metric: 27.42
- Document Revision: 24