Apple Mac OS X FTP Server Directory Traversal Vulnerability
BID:39231
Info
Apple Mac OS X FTP Server Directory Traversal Vulnerability
| Bugtraq ID: | 39231 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-0501 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Mar 29 2010 12:00AM |
| Credit: | Apple |
| Vulnerable: |
Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 |
| Not Vulnerable: |
Apple Mac OS X Server 10.6.3 |
Discussion
Apple Mac OS X FTP Server Directory Traversal Vulnerability
Apple Mac OS X is prone to a directory-traversal vulnerability that exists in the FTP server component.
An attacker can exploit this issue to gain access to files that are outside the FTP root directory. Successful exploits may lead to other attacks.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Apple Mac OS X is prone to a directory-traversal vulnerability that exists in the FTP server component.
An attacker can exploit this issue to gain access to files that are outside the FTP root directory. Successful exploits may lead to other attacks.
NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.
Exploit / POC
Apple Mac OS X FTP Server Directory Traversal Vulnerability
Attackers can use readily available tools to exploit this issue.
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Apple Mac OS X FTP Server Directory Traversal Vulnerability
Solution:
Updates are available to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.6
Apple Mac OS X Server 10.5
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.6.2
Solution:
Updates are available to address this issue. Please see the references for more information.
Apple Mac OS X Server 10.6
-
Apple MacOSXServerUpdCombo10.6.3.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.1
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.2
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.3
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.4
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.5
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.6
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.7
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.5.8
-
Apple SecUpdSrvr2010-002Leo.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.1
-
Apple MacOSXServerUpdCombo10.6.3.dmg
http://www.apple.com/support/downloads/
Apple Mac OS X Server 10.6.2
-
Apple MacOSXServerUpd10.6.3.dmg
http://www.apple.com/support/downloads/