| GEN:SID | 1:2545 |
| Message | EXPLOIT AFP FPLoginExt username buffer overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in AppleFileServer.
|
| Impact | Serious. Unauthorized remote administrative access.
|
| Detailed Information | AppleFileServer is used to share files and mount remote drives between machines using Apple Macintosh OS X. An error in the processing of PathName may lead to a buffer overflow. If the length of a string for AFPName is longer than the declared length, the buffer will be overflowed and may present an attacker with the opportunity to execute code of their choosing.
|
| Affected Systems | |
| Attack Scenarios | An attacker can supply an AFPName longer than what is expected by the service and overwrite portions of memory leading to the execution of code.
|
| Ease of Attack | Simple
|
| Corrective Action | Disable AFP if not needed
Apply the appropriate vendor supplied patch
|
| Additional References | |
| Rule References | bugtraq: 10271
cve: 2004-0430
url: www.atstake.com/research/advisories/2004/a050304-1.txt
|