Published: 2005-06-16 00:00:00
Revised: 2008-09-05 16:49:53

[Original] AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.

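[CNNVD] Multiple vulnerabilities in Security Update 2005-006 for the Apple Mac OS X operating system (CNNVD-200506-151)

The AFP Server in Mac OS X 10.4.1, when using an ACL (access control list) enabled volume, does not properly remove the ACL when a file is copied to a directory that does not use ACLs, which overrides the POSIX file permissions for that ACL.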

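- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]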

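- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources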

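- Vulnerability information

Multiple vulnerabilities in Security Update 2005-006 for the Apple Mac OS X operating system
Low risk, insufficient information
2005-06-16 00:00:00 2005-10-20 00:00:00
The AFP Server in Mac OS X 10.4.1, when using an ACL (access control list) enabled volume, does not properly remove the ACL when a file is copied to a directory that does not use ACLs, which overrides the POSIX file permissions for that ACL.

- Advisories and patches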

        Apple Mac OS X 10.3.9
        Apple SecUpd2005-006Pan.dmg
        Apple Mac OS X Server 10.3.9
        Apple SecUpd2005-006Pan.dmg
        Apple Mac OS X Server 10.4.1
        Apple SecUpd2005-006Ti.dmg
        Apple Mac OS X 10.4.1
        Apple SecUpd2005-006Ti.dmg

- Vulnerability information

Apple Mac OS X AFP Server POSIX Permissions Override DoS
Local Access Required Denial of Service, Other
Loss of Availability
Exploit Unknown

- Vulnerability description

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a file with POSIX-only permissions is copied to an ACL-enabled volume on an AFP server. A temporary ACL is assigned during the copy process which may not be removed after the copy has completed and will result in loss of availability of the file to the owner.

- Timeline

2005-06-02 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

- References

- Vulnerability author

Unknown or Incomplete