Detections
Analytics
Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006) (uncredentialed check)
high Nessus Plugin ID 49308
Language:
Synopsis
The remote host is missing a Mac OS X update that fixes a security issue.Description
The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2010-006 applied.This security update fixes an issue in AFP Server by which a remote attacker with knowledge of an account name on the affected system may be able to bypass the password validation and access AFP shared folders.
Note that this issue is only exploitable when File Sharing is enabled, and it is not by default.
Solution
Install Security Update 2010-006 or later.See Also
http://support.apple.com/kb/HT4361
http://lists.apple.com/archives/security-announce/2010/sep/msg00004.html
Plugin Details
Severity: High
ID: 49308
File Name: afp_malformed_password.nbin
Version: 1.76
Type: remote
Family: Misc.
Published: 9/21/2010
Updated: 3/19/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: AFP/hostname
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/20/2010
Vulnerability Publication Date: 9/20/2010
Reference Information
CVE: CVE-2010-1820
BID: 43341