Mac OS X AFP Server POSIX Permissions Override DoS

2005-06-02T00:00:00
ID OSVDB:17269
Type osvdb
Reporter OSVDB
Modified 2005-06-02T00:00:00

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a file with POSIX-only permissions is copied to an ACL-enabled volume on an AFP server. A temporary ACL is assigned during the copy process which may not be removed after the copy has completed and will result in loss of availability of the file to the owner.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Short Description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a file with POSIX-only permissions is copied to an ACL-enabled volume on an AFP server. A temporary ACL is assigned during the copy process which may not be removed after the copy has completed and will result in loss of availability of the file to the owner.

References:

Vendor Specific Advisory URL Security Tracker: 1014137 Secunia Advisory ID:15481 ISS X-Force ID: 20929 CVE-2005-1720