There is a buffer overflow vulnerability in the way Apple's AppleFileServer handles certain authentication requests. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code.
The AppleFileServer provides Apple Filing Protocol (AFP) services for clients and servers. This protocol allows users to share files over the network. By default the AFP service is not enabled. There is a buffer overflow vulnerability in the way the AppleFileServer handles certain authentication requests. By supplying a specially crafted PathName argument during authentication, an unauthenticated, remote attacker could execute arbitrary code.
According to the @stake advisory:
An unauthenticated, remote attacker could execute arbitrary code.
Apple has issued an advisory to address this issue. For further details, please see the Apple Security Advisory (Security Update 2004-05-03).
This vulnerability was reported by Dave G. of @stake.
This document was written by Damon Morda based on information in the @stake advisory.
|Date First Published:||2004-05-07|
|Date Last Updated:||2004-05-07 15:43 UTC|