In the interests of 'ethical disclosure,' Patrik Karlsson, one of the developers from the NMAP project who discovered a huge vulnerability chose to hold on to the information until Apple's latest release of the OS (which fixes the problem).
This doesn't mean it is fixed for all versions, only in the latest OS X 10.6.3, released today. In that article, my colleague Mr Withers notes "Security fixes in 10.6.3 cover the AFP server (two issues)."
The AFP 'issue' discussed here is very serious (and in the Windows environment, is a mere 15 years old, having been discovered in 1995).
According to the discoverer, "The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.
"By default, when enabling AFP, the Public folder in each user's home directory is shared as Public Folder. In my case "Patrik Karlsson's Public Folder". Since the Public folder is a subdirectory of a user's home directory, exploiting this share provides access to all of that user's home directory files (but not subdirectories or files with restrictive filesystem permissions)."
Karlsson continues on the next page...
"Technically the attack is not very challenging and relies on a classic directory traversal attack. It is strikingly similar to the famous Windows SMB filesharing vulnerability from 1995."
The vulnerability was first disclosed to Apple on February 10th and after numerous delays, Apple finally agreed to full disclosure occurring overnight (March 29th US time).
In addition to outlining the vulnerability, the author also provides a simple test to detect whether a target system is vulnerable.
Quoting the discoverer:
Here is the syntax for running the scripts against a system or network to detect vulnerable hosts [using a script available from the NMAP website]:
nmap -p 548 --script afp-path-vuln
If the server is vulnerable it will show the following output:
PORT STATE SERVICE
548/tcp open afp
| Patrik's Public Folder/../ (5 first items)
|_AFP path traversal (CVE-2010-0533): VULNERABLE
For those running the Snow Leopard version of Apple OS X, the update may be found here. iTWire strongly recommends applying the update as soon as possible.