Home Business IT Security NMAP developer announces Mac OS X vulnerability

NMAP developer discovers vulnerability in Max OS X AFS share interface and makes an obvious comparison with a similar Windows issue discovered in 1995.

A cynic might start this report with the famous French quote plus ça change, plus c'est la même chose (for the Francophobes: the more things change, the more they stay the same!).

In the interests of 'ethical disclosure,' Patrik Karlsson, one of the developers from the NMAP project who discovered a huge vulnerability chose to hold on to the information until Apple's latest release of the OS (which fixes the problem).

This doesn't mean it is fixed for all versions, only in the latest OS X 10.6.3, released today.  In that article, my colleague Mr Withers notes "Security fixes in 10.6.3 cover the AFP server (two issues)." 

The AFP 'issue' discussed here is very serious (and in the Windows environment, is a mere 15 years old, having been discovered in 1995).

According to the discoverer, "The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.

"By default, when enabling AFP, the Public folder in each user's home directory is shared as Public Folder. In my case "Patrik Karlsson's Public Folder". Since the Public folder is a subdirectory of a user's home directory, exploiting this share provides access to all of that user's home directory files (but not subdirectories or files with restrictive filesystem permissions)."

Karlsson continues on the next page...


"As the name suggests, the Public shares are available to anyone without authentication. Given the default permissions on home directories (world read+execute) and the default umask (world read), this has a serious impact - as unauthenticated users can read all files in a user's home directory. The attack also works for authenticated users against shares requiring authentication.

"Technically the attack is not very challenging and relies on a classic directory traversal attack. It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995."

The vulnerability was first disclosed to Apple on February 10th and after numerous delays, Apple finally agreed to full disclosure occurring overnight (March 29th US time).

In addition to outlining the vulnerability, the author also provides a simple test to detect whether a target system is vulnerable.

Quoting the discoverer:

Here is the syntax for running the scripts against a system or network to detect vulnerable hosts [using a script available from the NMAP website]:

nmap -p 548 --script afp-path-vuln
If the server is vulnerable it will show the following output:

PORT    STATE SERVICE
548/tcp open  afp
| afp-path-vuln:
|   Patrik's Public Folder/../ (5 first items)
|     .bash_history
|     .bash_profile
|     .CFUserTextEncoding
|     .config/
|     .crash_report_checksum
|
|_AFP path traversal (CVE-2010-0533): VULNERABLE


For those running the Snow Leopard version of Apple OS X, the update may be found here.  iTWire strongly recommends applying the update as soon as possible.

 

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect