Home Business IT Security NMAP developer announces Mac OS X vulnerability

NMAP developer discovers vulnerability in Max OS X AFS share interface and makes an obvious comparison with a similar Windows issue discovered in 1995.

A cynic might start this report with the famous French quote plus ça change, plus c'est la même chose (for the Francophobes: the more things change, the more they stay the same!).

In the interests of 'ethical disclosure,' Patrik Karlsson, one of the developers from the NMAP project who discovered a huge vulnerability chose to hold on to the information until Apple's latest release of the OS (which fixes the problem).

This doesn't mean it is fixed for all versions, only in the latest OS X 10.6.3, released today.  In that article, my colleague Mr Withers notes "Security fixes in 10.6.3 cover the AFP server (two issues)." 

The AFP 'issue' discussed here is very serious (and in the Windows environment, is a mere 15 years old, having been discovered in 1995).

According to the discoverer, "The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.

"By default, when enabling AFP, the Public folder in each user's home directory is shared as Public Folder. In my case "Patrik Karlsson's Public Folder". Since the Public folder is a subdirectory of a user's home directory, exploiting this share provides access to all of that user's home directory files (but not subdirectories or files with restrictive filesystem permissions)."

Karlsson continues on the next page...


"As the name suggests, the Public shares are available to anyone without authentication. Given the default permissions on home directories (world read+execute) and the default umask (world read), this has a serious impact - as unauthenticated users can read all files in a user's home directory. The attack also works for authenticated users against shares requiring authentication.

"Technically the attack is not very challenging and relies on a classic directory traversal attack. It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995."

The vulnerability was first disclosed to Apple on February 10th and after numerous delays, Apple finally agreed to full disclosure occurring overnight (March 29th US time).

In addition to outlining the vulnerability, the author also provides a simple test to detect whether a target system is vulnerable.

Quoting the discoverer:

Here is the syntax for running the scripts against a system or network to detect vulnerable hosts [using a script available from the NMAP website]:

nmap -p 548 --script afp-path-vuln
If the server is vulnerable it will show the following output:

PORT    STATE SERVICE
548/tcp open  afp
| afp-path-vuln:
|   Patrik's Public Folder/../ (5 first items)
|     .bash_history
|     .bash_profile
|     .CFUserTextEncoding
|     .config/
|     .crash_report_checksum
|
|_AFP path traversal (CVE-2010-0533): VULNERABLE


For those running the Snow Leopard version of Apple OS X, the update may be found here.  iTWire strongly recommends applying the update as soon as possible.

 

FREE SEMINAR

Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Guest Opinion

 

Sponsored News

 

 

 

 

Connect