Security Market Segment LS
×

Warning

JUser: :_load: Unable to load user with ID: 3667
×

Message

Failed loading XML... Document is empty
Tuesday, 30 March 2010 21:55

NMAP developer announces Mac OS X vulnerability

By

NMAP developer discovers vulnerability in Max OS X AFS share interface and makes an obvious comparison with a similar Windows issue discovered in 1995.
A cynic might start this report with the famous French quote plus ça change, plus c'est la même chose (for the Francophobes: the more things change, the more they stay the same!).

In the interests of 'ethical disclosure,' Patrik Karlsson, one of the developers from the NMAP project who discovered a huge vulnerability chose to hold on to the information until Apple's latest release of the OS (which fixes the problem).

This doesn't mean it is fixed for all versions, only in the latest OS X 10.6.3, released today.  In that article, my colleague Mr Withers notes "Security fixes in 10.6.3 cover the AFP server (two issues)." 

The AFP 'issue' discussed here is very serious (and in the Windows environment, is a mere 15 years old, having been discovered in 1995).

According to the discoverer, "The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.

"By default, when enabling AFP, the Public folder in each user's home directory is shared as Public Folder. In my case "Patrik Karlsson's Public Folder". Since the Public folder is a subdirectory of a user's home directory, exploiting this share provides access to all of that user's home directory files (but not subdirectories or files with restrictive filesystem permissions)."

Karlsson continues on the next page...
"As the name suggests, the Public shares are available to anyone without authentication. Given the default permissions on home directories (world read+execute) and the default umask (world read), this has a serious impact - as unauthenticated users can read all files in a user's home directory. The attack also works for authenticated users against shares requiring authentication.

"Technically the attack is not very challenging and relies on a classic directory traversal attack. It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995."

The vulnerability was first disclosed to Apple on February 10th and after numerous delays, Apple finally agreed to full disclosure occurring overnight (March 29th US time).

In addition to outlining the vulnerability, the author also provides a simple test to detect whether a target system is vulnerable.

Quoting the discoverer:

Here is the syntax for running the scripts against a system or network to detect vulnerable hosts [using a script available from the NMAP website]:

nmap -p 548 --script afp-path-vuln
If the server is vulnerable it will show the following output:

PORT    STATE SERVICE
548/tcp open  afp
| afp-path-vuln:
|   Patrik's Public Folder/../ (5 first items)
|     .bash_history
|     .bash_profile
|     .CFUserTextEncoding
|     .config/
|     .crash_report_checksum
|
|_AFP path traversal (CVE-2010-0533): VULNERABLE

For those running the Snow Leopard version of Apple OS X, the update may be found here.  iTWire strongly recommends applying the update as soon as possible.

 

Read 63274 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




EXL AI IN ACTION VIRTUAL EVENT 20 MARCH 2025

Industry leaders are looking to transform their businesses and achieve measurable outcomes with AI.

As organisations across APAC navigate the complexities of AI adoption, this must-attend event brings together industry leaders, real-world demonstrations, and visionary panel discussions to bridge the gap between proof-of-concepts and enterprise-wide AI implementation.

Learn how to overcome common challenges in deploying AI at scale.​

Unlock cost savings, efficiency, and better customer experiences with AI.

Discover how industry expertise and data intelligence enable practical AI deployment.

Register for the event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Latest from David Heath

Related items

More in this category: « Internet Explorer update imminent How to strap on the Web 2.0 safety harness »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments