Mac OS X v10.6.5: Multiple Vulnerabilities

Users of Mac OS X v10.6.5 please be advised of Multiple Vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

APPLE-SA-2010-11-10-1: [APPLE-SA-2010-11-10-1] Mac OS X v10.6.5 and Security Update 2010-007
Impact: A remote attacker may cause AFP Server to unexpectedly

shutdown

Description: A null pointer dereference exists in AFP Server’s

handling of reconnect authentication packets. A remote attacker may

cause AFP Server to unexpectedly shutdown. Mac OS X automatically

restarts AFP Server after a shutdown. This issue is addressed through

improved validation of reconnect packets. Credit: Apple.
Impact: An authenticated user may cause arbitrary code execution

Description: A directory traversal issue exists in AFP Server, which

may allow an authenticated user to create files outside of a share

with the permissions of the user. With a system configuration where

users are permitted file sharing access only, this may lead to

arbitrary code execution. This issue is addressed through improved

path validation. Credit: Apple.

Read more at http://www.criticalwatch.com
 

Advertisements