Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Detecting the Apple Mac OS X AFP vulnerability CVE-2010-0533

From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 29 Mar 2010 20:11:02 +0200
Hi all,

As of a few minutes ago Nmap now detects a critical AFP vulnerability I found during the development of the library.
If file sharing is enabled with public shares (default) it allows a remote attacker to read the contents of your home 
directory without the need to authenticate.
If you haven't already, make sure you install Mac Os X 10.6.3, which contains a patch for it.

Details on the vulnerability can be found over here:
http://www.cqure.net/wp/2010/03/detecting-apple-mac-os-x-afp-vulnerability-cve-2010-0533-with-nmap/#more-359

The scripts are in subversion and require the latest version of the AFP library
http://nmap.org/svn/scripts/afp-brute.nse
http://nmap.org/svn/scripts/afp-path-vuln.nse
http://nmap.org/svn/nselib/afp.lua

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: