Signature Detail

APP: Apple Filing Protocol Overflow

This signature detects attempts to exploit a known vulnerability in Apple Filing Protocol. Attackers can send a maliciously crafted packet that contains an invalid PathName length to overflow a string buffer and execute arbitrary code. Note: Apple Inc. has fixed this vulnerability in APPLE-SA-2004-05-03 Security Update 2004-05-03

Extended Description

It has been reported that AppleFileServer is prone to a remote buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code in order to gain unauthorized access. The issue presents itself when the application receives a 'LoginExt' packet containing a malformed 'PathName' argument. Apple Mac OS X 10.3.3 and prior are reported to be prone to this issue. This issue was previously disclosed in a multiple BID 10268 (Apple OS X Multiple Unspecified Large Input Vulnerabilities), however, it is being assigned a new BID as a result of new information available.

Affected Products

• Apple Mac OS X 10.2.0
• Apple Mac OS X 10.2.1
• Apple Mac OS X 10.2.2
• Apple Mac OS X 10.2.3
• Apple Mac OS X 10.2.4
• Apple Mac OS X 10.2.5
• Apple Mac OS X 10.2.6
• Apple Mac OS X 10.2.7
• Apple Mac OS X 10.2.8
• Apple Mac OS X 10.3.0
• Apple Mac OS X 10.3.1
• Apple Mac OS X 10.3.2
• Apple Mac OS X 10.3.3
• Apple Mac OS X Server 10.2.0
• Apple Mac OS X Server 10.2.1
• Apple Mac OS X Server 10.2.2
• Apple Mac OS X Server 10.2.3
• Apple Mac OS X Server 10.2.4
• Apple Mac OS X Server 10.2.5
• Apple Mac OS X Server 10.2.6
• Apple Mac OS X Server 10.2.7
• Apple Mac OS X Server 10.2.8
• Apple Mac OS X Server 10.3.0
• Apple Mac OS X Server 10.3.1
• Apple Mac OS X Server 10.3.2
• Apple Mac OS X Server 10.3.3

References

• BugTraq: 10271
• CVE: CVE-2004-0430
• URL: http://www.kb.cert.org/vuls/id/648406
• URL: http://www.ciac.org/ciac/bulletins/o-138.shtml