Apple Mac OS X AppleFilingProtocol Server Information Disclosure Vulnerability

Bugtraq ID:	13237
Class:	Access Validation Error
CVE:	CVE-2005-0715
Remote:	Yes
Local:	No
Published:	Apr 18 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	Discovery credited to John M. Glenn.
Vulnerable:	Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3
Not Vulnerable:

Apple Mac OS X AppleFilingProtocol Server Information Disclosure Vulnerability

The Mac OS X AppleFilingProtocol (AFP) Server is prone to an information disclosure vulnerability. The issue arises because file permissions are not properly validated.

Apple Mac OS X AppleFilingProtocol Server Information Disclosure Vulnerability

An exploit is not required.

Apple Mac OS X AppleFilingProtocol Server Information Disclosure Vulnerability

Solution:
Apple has released an advisory (APPLE-SA-2005-03-21) and fixes to address this issue.


Apple Mac OS X Server 10.3.8

• Apple SecUpdSrvr2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05530&plat form=osx&method=sa/SecUpdSrvr2005-003Pan.dmg

Apple Mac OS X 10.3.8

• Apple SecUpd2005-003Pan.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&plat form=osx&method=sa/SecUpd2005-003Pan.dmg

Apple Mac OS X AppleFilingProtocol Server Information Disclosure Vulnerability

References: