Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2545 |
| Message | EXPLOIT AFP FPLoginExt username buffer overflow attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in AppleFileServer. |
| Impact | Serious. Unauthorized remote administrative access. |
| Detailed Information | AppleFileServer is used to share files and mount remote drives between machines using Apple Macintosh OS X. An error in the processing of PathName may lead to a buffer overflow. If the length of a string for AFPName is longer than the declared length, the buffer will be overflowed and may present an attacker with the opportunity to execute code of their choosing. |
| Affected Systems | |
| Attack Scenarios | An attacker can supply an AFPName longer than what is expected by the service and overwrite portions of memory leading to the execution of code. |
| Ease of Attack | Simple |
| Corrective Action | Disable AFP if not needed Apply the appropriate vendor supplied patch |
| Additional References | |
| Rule References | bugtraq: 10271 cve: 2004-0430 url: www.atstake.com/research/advisories/2004/a050304-1.txt |
--
DID:893682
--
http://www.aanval.com/