Mac OS X Apple File Protocol (AFP) Server Search Result Information Disclosure

2006-06-26T06:49:08
ID OSVDB:26930
Type osvdb
Reporter OSVDB
Modified 2006-06-26T06:49:08

Description

Vulnerability Description

Mac OS X contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a user performs a search in an AFP share: the search results disclose filenames for which the user has no permission, resulting in a loss of confidentiality.

Solution Description

For versions 10.4 - 10.4.6, upgrade to version 10.4.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

For versions 10.3 - 10.3.9, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1016395
Security Tracker: 1016620
Secunia Advisory ID: 20877
Secunia Advisory ID: 21253
Related OSVDB ID: 26932
Related OSVDB ID: 26933
Related OSVDB ID: 27730
Related OSVDB ID: 26931
News Article: http://news.com.com/Apple+updates+Mac+OS+to+squash+bugs/2100-1002_3-6088787.html
FrSIRT Advisory: ADV-2006-2566
CVE-2006-1468
CVE-2006-1472
Bugtraq ID: 18686
Bugtraq ID: 18733