CVE-2004-0430

Name of the Vulnerable Software and Affected Versions AppleFileServer for Mac OS X versions 10.3.3 and earlier

Description The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by sending a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument containing an AFPName type string that exceeds the length specified in the associated length field.

Recommendations For AppleFileServer for Mac OS X versions 10.3.3 and earlier, consider disabling the Cleartext Password User Authentication Method (UAM) until a patch is available to prevent exploitation of the buffer overflow vulnerability. Restrict access to the LoginExt packet handling functionality to minimize the risk of remote code execution.