APP: Apple Filing Protocol Overflow

This signature detects attempts to exploit a known vulnerability in Apple Filing Protocol. Attackers can send a maliciously crafted packet that contains an invalid PathName length to overflow a string buffer and execute arbitrary code. Note: Apple Inc. has fixed this vulnerability in APPLE-SA-2004-05-03 Security Update 2004-05-03

Extended Description

It has been reported that AppleFileServer is prone to a remote buffer overflow vulnerability that may allow a remote attacker to execute arbitrary code in order to gain unauthorized access. The issue presents itself when the application receives a 'LoginExt' packet containing a malformed 'PathName' argument. Apple Mac OS X 10.3.3 and prior are reported to be prone to this issue. This issue was previously disclosed in a multiple BID 10268 (Apple OS X Multiple Unspecified Large Input Vulnerabilities), however, it is being assigned a new BID as a result of new information available.

Affected Products

Apple mac_os_x_server

Short Name
APP:AFP-LEN-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Apple CVE-2004-0430 Filing Overflow Protocol bid:10271
Release Date
08/18/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
Port
TCP/548
False Positive
Unknown
Vendors

Apple

CVSS Score

5.1

Found a potential security threat?