About the security content of Mac OS X v10.6.5 and Security Update 2010-007

About the security content of Mac OS X v10.6.5 and Security Update 2010-007 Last Modified: November 12, 2010 Article: HT4435 Email this article Print this page Summary This document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and...

CVE-2010-1829

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share...

CVE-2010-1830

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors...

Code injection

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors...

Null pointer dereference

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon restart via crafted reconnect authentication packets...

Directory traversal

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share...

CVE-2010-1830

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors...

CVE-2010-1830

CVE-2010-1830 concerns AFP Server in Apple Mac OS X 10.5.8 and 10.6.x prior to 10.6.5. An error-handling difference depending on whether a share exists enables remote attackers to enumerate valid share names via unspecified vectors. The issue is addressed by Apple in Security Update 2010-007 (Mac...

CVE-2010-1829

CVE-2010-1829 affects AFP Server on Mac OS X 10.5.8 and 10.6.x up to 10.6.4; a directory traversal flaw allows an authenticated remote user to create files outside a share, potentially enabling arbitrary code execution. Apple patched via improved path validation in Security Update 2010-007, speci...

CVE-2010-1828

The CVE-2010-1828 entry affects AFP Server in Mac OS X 10.5.8 and 10.6.x prior to 10.6.5. Root cause: a NULL pointer dereference in AFP Server’s handling of reconnect authentication packets, leading to remote denial of service and daemon restart. Public detail confirms the impact as a crash/resta...

CVE-2010-1828

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon restart via crafted reconnect authentication packets...

Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities

Versions of Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache modperl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services -...

Mac OS X Multiple Vulnerabilities (Security Update 2010-007)

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache modperl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdevcmds - Disk...

Mac OS X AFP Server绕过口令验证漏洞

BUGTRAQ ID: 43341 CVECAN ID: CVE-2010-1820 Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的AFP Server服务器中存在绕过口令验证漏洞，用户只需知道目标机器上的账号就可以访问AFP共享的文件夹。 Apple Mac OS X 10.6.4 Apple MacOS X Server 10.6.4 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.apple.com/support/downloads/...

CVE-2010-1820

Apple Filing Protocol AFP Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name...

CVE-2010-1820

Apple Filing Protocol AFP Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name...

CVE-2010-1820

The CVE-2010-1820 issue affects Apple Mac OS X AFP Server (10.6.x up to 10.6.4). The vulnerability stems from improper error handling, allowing a remote attacker who knows a valid account name to bypass the password requirement for AFP shared-folder access. Affected product: Mac OS X AFP Server; ...

Mac OS X AFP Shared Folders Unauthenticated Access (Security Update 2010-006)

The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2010-006 applied. This security update fixes an issue in AFP Server by which a remote attacker with knowledge of an account name on the affected system may be able to bypass the password validation and access...

Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003

The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002

The remote host is missing Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...