Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006) (uncredentialed check)

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes a security
issue.

Description :

The remote host is running a version of Mac OS X 10.6 that does not
have Security Update 2010-006 applied.

This security update fixes an issue in AFP Server by which a remote
attacker with knowledge of an account name on the affected system
may be able to bypass the password validation and access AFP shared
folders.

Note that this issue is only exploitable when File Sharing is enabled,
and File Sharing is not enabled by default.

See also :

http://support.apple.com/kb/HT4361
http://lists.apple.com/archives/security-announce/2010/sep/msg00004.html

Solution :

Install Security Update 2010-006 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 49308

Bugtraq ID: 43341

CVE ID: CVE-2010-1820