Exploitation Summary
EIP tracks 4 public exploits for CVE-2004-0430.
PoCs published by Metasploit, Dino Dai Zovi, H D Moore, including Metasploit module exploits/osx/afp/loginext.
AI-analyzed exploit summary
This exploit targets a stack buffer overflow in AppleFileServer on Mac OS X (CVE-2004-0430) by sending a maliciously crafted AFP packet with an oversized path name to trigger remote code execution. It includes a Metasploit module with a hardcoded return address for Mac OS X 10.3.3.
Description
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
Exploits (4)
This exploit targets a stack buffer overflow in AppleFileServer on Mac OS X (CVE-2004-0430) by sending a maliciously crafted AFP packet with an oversized path name to trigger remote code execution. It includes a Metasploit module with a hardcoded return address for Mac OS X 10.3.3.
This exploit targets a buffer overflow vulnerability in AppleFileServer (CVE-2004-0430) to achieve remote code execution. It sends a maliciously crafted FPloginEXT packet to trigger the overflow and execute a portbind shellcode, providing a root shell on the target system.
This exploit targets a stack overflow vulnerability in the AppleFileServer service on Mac OS X 10.3.3. It crafts a malicious AFP packet with an oversized path name to trigger the overflow and execute arbitrary payloads.
This Metasploit module exploits a stack buffer overflow in the AppleFileServer service on Mac OS X (CVE-2004-0430) by sending a maliciously crafted AFP packet with an oversized path name to trigger remote code execution.