Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0430 — Improper Handling of Length Parameter Inconsistency in Apple MAC OS X

CWE-130 — Improper Handling of Length Parameter Inconsistency7 documents5 sources

Severity

5.1MEDIUMNVD

EPSS

82.4%

top 0.77%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple MAC OS X Apple MAC OS X Server

Timeline

PublishedJul 7

Latest updateApr 29

Description

Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/mac_os_x10.3.3

▶NVDapple/mac_os_x_server10.3.3

Patches

Patch: www.atstake.com ↗Patch: www.atstake.com ↗

🔴Vulnerability Details

GHSA

GHSA-6fqr-wrf4-vr9r: Stack-based buffer overflow in AppleFileServer for Mac OS X 10↗2022-04-29

▶

💥Exploits & PoCs

Exploit-DB

AppleFileServer (OSX) - LoginExt PathName Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

Apple Mac OSX 10.3.3 - AppleFileServer Overflow Remote Code Execution↗2004-08-13

▶

Exploit-DB

AppleFileServer 10.3.3 (OSX) - LoginEXT PathName Overflow (Metasploit)↗2004-03-03

▶

Metasploit

AppleFileServer LoginExt PathName Overflow↗

▶

📐Framework References

CWE

Improper Handling of Length Parameter Inconsistency↗

▶