Nmap Development mailing list archives

Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533


From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 30 Mar 2010 00:50:28 +0200


On 30 mar 2010, at 00.34, Brandon Enright wrote:


On Mon, 29 Mar 2010 20:11:02 +0200
Patrik Karlsson <patrik () cqure net> wrote:

Hi all,

As of a few minutes ago Nmap now detects a critical AFP vulnerability
I found during the development of the library. If file sharing is
enabled with public shares (default) it allows a remote attacker to
read the contents of your home directory without the need to
authenticate. If you haven't already, make sure you install Mac OS X
10.6.3, which contains a patch for it.

Details on the vulnerability can be found over here:
http://www.cqure.net/wp/2010/03/detecting-apple-mac-os-x-afp-vulnerability-cve-2010-0533-with-nmap/#more-359

The scripts are in subversion and require the latest version of the
AFP library http://nmap.org/svn/scripts/afp-brute.nse
http://nmap.org/svn/scripts/afp-path-vuln.nse
http://nmap.org/svn/nselib/afp.lua

//Patrik


This is a great find Patrik, congrats on your release.  I just gave our
machines a scan here and as expected, we had 1635 machines with AFP
running.  Surprisingly though, only 291 were vulnerable.  That seems
like a huge discrepancy.  There doesn't seem to be enough verbose
script output to understand why the other ~1300 machines aren't
vulnerable.  Thoughts?
I discovered the vulnerability on Snow Leopard and was not able to reproduce it on Leopard or older systems.
Can these ~1300 machines fall into that category?


Brandon

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/