Sign-up

ID

VAR-201011-0205


CVE

CVE-2010-1828


TITLE

Apple Mac OS X of AFP Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2010-002408

DESCRIPTION

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. Attackers can exploit this issue to shutdown the affected computer, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; this has not been confirmed. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it. This issue affects Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X 10.6 to 10.6.4, and Mac OS X Server 10.6 to 10.6.4

Trust: 1.98

sources: NVD: CVE-2010-1828 // JVNDB: JVNDB-2010-002408 // BID: 44800 // VULHUB: VHN-44433

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.6

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.6

vendor:applemodel:mac os xscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

sources: BID: 44800 // JVNDB: JVNDB-2010-002408 // CNNVD: CNNVD-201011-158 // NVD: CVE-2010-1828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1828
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1828
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-158
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44433
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1828
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44433
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44433 // JVNDB: JVNDB-2010-002408 // CNNVD: CNNVD-201011-158 // NVD: CVE-2010-1828

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-44433 // JVNDB: JVNDB-2010-002408 // NVD: CVE-2010-1828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-158

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201011-158

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002408

PATCH
title:HT4435url:http://support.apple.com/kb/HT4435
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-002408

EXTERNAL IDS
db:NVDid:CVE-2010-1828
Trust: 2.8
db:SECTRACKid:1024723
Trust: 1.1
db:JVNDBid:JVNDB-2010-002408
Trust: 0.8
db:CNNVDid:CNNVD-201011-158
Trust: 0.7
db:APPLEid:APPLE-SA-2010-11-10-1
Trust: 0.6
db:BIDid:44800
Trust: 0.4
db:VULHUBid:VHN-44433
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44433 // 
            
            
            
            BID: 44800 // 
            
            
            
            JVNDB: JVNDB-2010-002408 // 
            
            
            
            CNNVD: CNNVD-201011-158 // 
            
            
            
            NVD: CVE-2010-1828

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html
Trust: 1.7
url:http://support.apple.com/kb/ht4435
Trust: 1.7
url:http://www.securitytracker.com/id?1024723
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1828
Trust: 0.8
url:http://jvn.jp/cert/jvnvu331391
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1828
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://www.securityfocus.com/advisories/20899
Trust: 0.3
sources:
            
            
            VULHUB: VHN-44433 // 
            
            
            
            BID: 44800 // 
            
            
            
            JVNDB: JVNDB-2010-002408 // 
            
            
            
            CNNVD: CNNVD-201011-158 // 
            
            
            
            NVD: CVE-2010-1828

CREDITS
Apple
Trust: 0.3
sources:
            
            
            BID: 44800

SOURCES
db:VULHUBid:VHN-44433
db:BIDid:44800
db:JVNDBid:JVNDB-2010-002408
db:CNNVDid:CNNVD-201011-158
db:NVDid:CVE-2010-1828

LAST UPDATE DATE
2025-04-11T20:51:42.897000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-44433date:2010-12-10T00:00:00
db:BIDid:44800date:2010-11-12T20:27:00
db:JVNDBid:JVNDB-2010-002408date:2010-11-25T00:00:00
db:CNNVDid:CNNVD-201011-158date:2010-11-17T00:00:00
db:NVDid:CVE-2010-1828date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-44433date:2010-11-15T00:00:00
db:BIDid:44800date:2010-11-10T00:00:00
db:JVNDBid:JVNDB-2010-002408date:2010-11-25T00:00:00
db:CNNVDid:CNNVD-201011-158date:2010-11-17T00:00:00
db:NVDid:CVE-2010-1828date:2010-11-15T23:00:03.970