CVE-2003-0379
CVSS5.0
发布时间 :2003-07-24 00:00:00
修订时间 :2011-03-07 21:12:32
NMCOS    

[原文]Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.


[CNNVD]Apple AFP Server任意文件破坏漏洞(CNNVD-200307-029)

        
        Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。其中包含的Apple文件协议(Apple Filing Protocol)用于AppleShare网络中服务器和客房机之间的通信。
        Apple AFP服务程序在指定文件系统类型上服务文件时存在漏洞,远程攻击者可以利用这个漏洞破坏本地系统的任意文件。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0379
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0379
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200307-029
(官方数据源) CNNVD

- 其它链接及资源

http://lists.apple.com/mhonarc/security-announce/msg00030.html
(VENDOR_ADVISORY)  CONFIRM  http://lists.apple.com/mhonarc/security-announce/msg00030.html

- 漏洞信息

Apple AFP Server任意文件破坏漏洞
中危 未知
2003-07-24 00:00:00 2005-10-20 00:00:00
远程  
        
        Mac OS X是一款使用在Mac机器上的操作系统,基于BSD系统。其中包含的Apple文件协议(Apple Filing Protocol)用于AppleShare网络中服务器和客房机之间的通信。
        Apple AFP服务程序在指定文件系统类型上服务文件时存在漏洞,远程攻击者可以利用这个漏洞破坏本地系统的任意文件。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Apple
        -----
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Apple MacOS X Server 10.2.6:
        Apple Upgrade SecurityUpd2003-06-09.dmg
        
        http://www.info.apple.com/kbnum/n120223

- 漏洞信息

7063
Apple Mac OS X Apple File Service NFS/UFS Arbitrary File Overwrite
Remote / Network Access Attack Type Unknown
Loss of Integrity
Exploit Unknown

- 漏洞描述

Mac OS X contains a flaw related to the Apple File Service that may allow an attacker to overwrite arbitrary files. No further details have been provided.

- 时间线

2003-06-09 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apple AFP Server Arbitrary File Corruption Vulnerability
Unknown 7863
Yes No
2003-06-09 12:00:00 2009-07-11 10:06:00
This issue was announced by Apple.

- 受影响的程序版本

Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.0

- 漏洞讨论

A vulnerability has been discovered in Apple AFP Server. The problem presents itself when the application is serving files on a specific filesystem type. A remote attacker is said to be able to exploit this vulnerability to corrupt arbitrary files on the local system.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Apple has released updates for this issue. Users of Mac OS X Server 10.2.6 can update their systems using the Software Update pane in System Preferences or by downloading SecurityUpd2003-06-09.dmg.


Apple Mac OS X Server 10.2.6

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站