Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006)

high Nessus Plugin ID 49289

Language:

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2010-006 applied.

This security update fixes an issue in AFP Server by which a remote attacker with knowledge of an account name on the affected system may be able to bypass the password validation and access AFP shared folders.

Note that this issue is only exploitable when File Sharing is enabled, and it is not by default.

Solution

Install Security Update 2010-006 or later.

See Also

http://support.apple.com/kb/HT4361

http://lists.apple.com/archives/security-announce/2010/Sep/msg00004.html

Plugin Details

Severity: High

ID: 49289

File Name: macosx_SecUpd2010-006.nasl

Version: 1.10

Type: local

Agent: macosx

Published: 9/20/2010

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.6

Required KB Items: Host/uname, Host/MacOSX/packages

Exploit Ease: No known exploits are available

Patch Publication Date: 9/20/2010

Vulnerability Publication Date: 9/20/2010

Reference Information

CVE: CVE-2010-1820

BID: 43341