Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006)

High Nessus Plugin ID 49289


The remote host is missing a Mac OS X update that fixes a security issue.


The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2010-006 applied.

This security update fixes an issue in AFP Server by which a remote attacker with knowledge of an account name on the affected system may be able to bypass the password validation and access AFP shared folders.

Note that this issue is only exploitable when File Sharing is enabled, and it is not by default.


Install Security Update 2010-006 or later.

See Also

Plugin Details

Severity: High

ID: 49289

File Name: macosx_SecUpd2010-006.nasl

Version: $Revision: 1.8 $

Type: local

Agent: macosx

Published: 2010/09/20

Modified: 2012/06/14

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/MacOSX/packages, Host/uname

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/09/20

Vulnerability Publication Date: 2010/09/20

Reference Information

CVE: CVE-2010-1820

BID: 43341

OSVDB: 68153