Home Business IT Security NMAP developer announces Mac OS X vulnerability

NMAP developer discovers vulnerability in Max OS X AFS share interface and makes an obvious comparison with a similar Windows issue discovered in 1995.

A cynic might start this report with the famous French quote plus ça change, plus c'est la même chose (for the Francophobes: the more things change, the more they stay the same!).

In the interests of 'ethical disclosure,' Patrik Karlsson, one of the developers from the NMAP project who discovered a huge vulnerability chose to hold on to the information until Apple's latest release of the OS (which fixes the problem).

This doesn't mean it is fixed for all versions, only in the latest OS X 10.6.3, released today.  In that article, my colleague Mr Withers notes "Security fixes in 10.6.3 cover the AFP server (two issues)." 

The AFP 'issue' discussed here is very serious (and in the Windows environment, is a mere 15 years old, having been discovered in 1995).

According to the discoverer, "The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.

"By default, when enabling AFP, the Public folder in each user's home directory is shared as Public Folder. In my case "Patrik Karlsson's Public Folder". Since the Public folder is a subdirectory of a user's home directory, exploiting this share provides access to all of that user's home directory files (but not subdirectories or files with restrictive filesystem permissions)."

Karlsson continues on the next page...


"As the name suggests, the Public shares are available to anyone without authentication. Given the default permissions on home directories (world read+execute) and the default umask (world read), this has a serious impact - as unauthenticated users can read all files in a user's home directory. The attack also works for authenticated users against shares requiring authentication.

"Technically the attack is not very challenging and relies on a classic directory traversal attack. It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995."

The vulnerability was first disclosed to Apple on February 10th and after numerous delays, Apple finally agreed to full disclosure occurring overnight (March 29th US time).

In addition to outlining the vulnerability, the author also provides a simple test to detect whether a target system is vulnerable.

Quoting the discoverer:

Here is the syntax for running the scripts against a system or network to detect vulnerable hosts [using a script available from the NMAP website]:

nmap -p 548 --script afp-path-vuln
If the server is vulnerable it will show the following output:

PORT    STATE SERVICE
548/tcp open  afp
| afp-path-vuln:
|   Patrik's Public Folder/../ (5 first items)
|     .bash_history
|     .bash_profile
|     .CFUserTextEncoding
|     .config/
|     .crash_report_checksum
|
|_AFP path traversal (CVE-2010-0533): VULNERABLE


For those running the Snow Leopard version of Apple OS X, the update may be found here.  iTWire strongly recommends applying the update as soon as possible.

 

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect