Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006)

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.

Synopsis :

The remote host is missing a Mac OS X update that fixes a security

Description :

The remote host is running a version of Mac OS X 10.6 that does not
have Security Update 2010-006 applied.

This security update fixes an issue in AFP Server by which a remote
attacker with knowledge of an account name on the affected system
may be able to bypass the password validation and access AFP shared

Note that this issue is only exploitable when File Sharing is enabled,
and it is not by default.

See also :

Solution :

Install Security Update 2010-006 or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 49289 (macosx_SecUpd2010-006.nasl)

Bugtraq ID: 43341

CVE ID: CVE-2010-1820