Nmap Development mailing list archives
Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 29 Mar 2010 20:50:56 +0200
On 29 mar 2010, at 20.46, Ron wrote:
Well, it's a great quote and is exactly the type of thing that gets Slashdot people going. :)
Hehehe.
On the Slashdot front, I just submitted this as a story: http://slashdot.org/submission/1204006/Detecting-critical-Apple-vulnerability-with-Nmap If anybody has a Slashdot account and wants to help out, hit that link and vote it up with the little '+'! I wonder how much bandwidth Patrik's blog has... >:)
Me too. The plan says unlimited bandwith :)
On Mon, 29 Mar 2010 20:39:31 +0200 Patrik Karlsson <patrik () cqure net> wrote:Thanks, I don't deserve the credit for that quote though. Fyodor helped me out with the blog post a bit ;) //Patrik On 29 mar 2010, at 20.17, Ron wrote:Great job! I especially love: "It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995." -- ha! :) On Mon, 29 Mar 2010 20:11:02 +0200 Patrik Karlsson <patrik () cqure net> wrote:Hi all, As of a few minutes ago Nmap now detects a critical AFP vulnerability I found during the development of the library. If file sharing is enabled with public shares (default) it allows a remote attacker to read the contents of your home directory without the need to authenticate. If you haven't already, make sure you install Mac Os X 10.6.3, which contains a patch for it. Details on the vulnerability can be found over here: http://www.cqure.net/wp/2010/03/detecting-apple-mac-os-x-afp-vulnerability-cve-2010-0533-with-nmap/#more-359 The scripts are in subversion and require the latest version of the AFP library http://nmap.org/svn/scripts/afp-brute.nse http://nmap.org/svn/scripts/afp-path-vuln.nse http://nmap.org/svn/nselib/afp.lua //Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77-- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86
//Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Brandon Enright (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)