SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   AppleFileServer Vendors:   Apple
AppleFileServer Buffer Overflow in Processing Cleartext User Authentication Method Packets Lets Remote Users Execute Code With Root Privileges
SecurityTracker Alert ID:  1010039
SecurityTracker URL:  http://securitytracker.com/id/1010039
CVE Reference:   CVE-2004-0430   (Links to External Site)
Date:  May 4 2004
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability was reported in AppleFileServer. A remote user can execute commands on the target system.

@stake reported that a remote user can exploit a stack buffer overflow to execute arbitrary code with root privileges of the target system. A remote user can reportedly supply a specially crafted PathName argument in a LoginExt packet that requests authentication using the cleartext Password User Authentication Method (UAM) to trigger the flaw.

The original advisory is available at:

http://www.atstake.com/research/advisories/2004/a050304-1.txt

Impact:   A remote user can execute arbitrary code on the target system with root privileges.
Solution:   Apple has released a fix as part of APPLE-SA-2004-05-03 Security Update 2004-05-03.

For Mac OS X 10.3.3 "Panther"
=============================
http://download.info.apple.com/Mac_OS_X/061-1213.20040503.vngr3/2Z
/SecUpd2004-05-03Pan.dmg
The download file is named: "SecUpd2004-05-03Pan.dmg"
Its SHA-1 digest is: 6f35539668d80ee536305a4146bd982a93706532

For Mac OS X Server 10.3.3
==========================
http://download.info.apple.com/Mac_OS_X/061-1215.20040503.mPp9k/2Z
/SecUpdSrvr2004-05-03Pan.dmg
The download file is named: "SecUpdSrvr2004-05-03Pan.dmg"
Its SHA-1 digest is: 3c7da910601fd36d4cdfb276af4783ae311ac5d7

For Mac OS X 10.2.8 "Jaguar"
=============================
http://download.info.apple.com/Mac_OS_X/061-1217.20040503.BmkY5/2Z
/SecUpd2004-05-03Jag.dmg
The download file is named: "SecUpd2004-05-03Jag.dmg"
Its SHA-1 digest is: 11d5f365e0db58b369d85aa909ac6209e2f49945

For Mac OS X Server 10.2.8
==========================
http://download.info.apple.com/Mac_OS_X/061-1219.20040503.Zsw3S/2Z
/SecUpdSrvr2004-05-03Jag.dmg
The download file is named: "SecUpdSrvr2004-05-03Jag.dmg"
Its SHA-1 digest is: 28859a4c88f6e1d1fe253388b233a5732b6e42fb

Vendor URL:  www.apple.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  Mac OS X 10.2.8, 10.3.3

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC