Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2545 |
Message | EXPLOIT AFP FPLoginExt username buffer overflow attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in AppleFileServer. |
Impact | Serious. Unauthorized remote administrative access. |
Detailed Information | AppleFileServer is used to share files and mount remote drives between machines using Apple Macintosh OS X. An error in the processing of PathName may lead to a buffer overflow. If the length of a string for AFPName is longer than the declared length, the buffer will be overflowed and may present an attacker with the opportunity to execute code of their choosing. |
Affected Systems | |
Attack Scenarios | An attacker can supply an AFPName longer than what is expected by the service and overwrite portions of memory leading to the execution of code. |
Ease of Attack | Simple |
Corrective Action | Disable AFP if not needed Apply the appropriate vendor supplied patch |
Additional References | |
Rule References | bugtraq: 10271 cve: 2004-0430 url: www.atstake.com/research/advisories/2004/a050304-1.txt |
--
DID:893682
--
http://www.aanval.com/