CVE-2004-0430

AppleFileServer <10.3.3 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteosx

https://www.exploit-db.com/exploits/16863

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Dino Dai Zovi · perlremoteosx

https://www.exploit-db.com/exploits/391

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by H D Moore · rubyremoteosx

https://www.exploit-db.com/exploits/9931

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocosx

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/afp/loginext.rb

View Code ZIP pw:eip

References (7)

[Mailing List] http://lists.apple.com/mhonarc/security-announce/msg00049.html

[Patch, Vendor Advisory] http://www.atstake.com/research/advisories/2004/a050304-1.txt

[US Government Resource] http://www.kb.cert.org/vuls/id/648406

[Various Sources] http://www.securiteam.com/securitynews/5QP0115CUO.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16049

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1010039

[Third Party Advisory] http://secunia.com/advisories/11539

Scores

EPSS 0.8241

EPSS Percentile 99.2%

Details

Status published

Products (2)

apple/mac_os_x < 10.3.3

apple/mac_os_x_server < 10.3.3

Published Jul 07, 2004

Tracked Since Feb 18, 2026