Nmap Development mailing list archives
Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 30 Mar 2010 01:03:39 +0200
On 30 mar 2010, at 00.54, Brandon Enright wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 30 Mar 2010 00:50:28 +0200 Patrik Karlsson <patrik () cqure net> wrote:This is a great find Patrik, congrats on your release. I just gave our machines a scan here and as expected, we had 1635 machines with AFP running. Surprisingly though, only 291 were vulnerable. That seems like a huge discrepancy. There doesn't seem to be enough verbose script output to understand why the other ~1300 machines aren't vulnerable. Thoughts?I was discovered the vulnerability on Snow Leopard and was not able to reproduce it on Leopard or older systems. Can these ~1300 machines fall into that category?Yeah, most likely. If students were on campus this week it would have been (and I suppose will be soon) > 2000 vulnerable. You've gotta love getting pwnd via "../". I bet you were shaking your head back and forth so much that now you've got a legal case against Apple for a repetitive strain injury.
Hahaha, yeah, more or less ;)
Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAkuxL60ACgkQqaGPzAsl94JH5wCfUPTlT9S8IuFIqANONPrQsF9D LIsAn2K1oHcs7a0sX6urjcVx/WrUM1+M =Q4ku -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
//Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Ron (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Brandon Enright (Mar 29)
- Re: Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533 Patrik Karlsson (Mar 29)