GEN:SID | 1:2545 |
Message | EXPLOIT AFP FPLoginExt username buffer overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in AppleFileServer.
|
Impact | Serious. Unauthorized remote administrative access.
|
Detailed Information | AppleFileServer is used to share files and mount remote drives between machines using Apple Macintosh OS X. An error in the processing of PathName may lead to a buffer overflow. If the length of a string for AFPName is longer than the declared length, the buffer will be overflowed and may present an attacker with the opportunity to execute code of their choosing.
|
Affected Systems | |
Attack Scenarios | An attacker can supply an AFPName longer than what is expected by the service and overwrite portions of memory leading to the execution of code.
|
Ease of Attack | Simple
|
Corrective Action | Disable AFP if not needed
Apply the appropriate vendor supplied patch
|
Additional References | |
Rule References | bugtraq: 10271
cve: 2004-0430
url: www.atstake.com/research/advisories/2004/a050304-1.txt
|