site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2010-09-20-1 Security Update 2010-006 Security Update 2010-006 is now available and addresses the following: AFP CVE-ID: CVE-2010-1820 Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4 Impact: A remote attacker may access AFP shared folders without a valid password Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Security Update 2010-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6.4 and Mac OS X Server v10.6.4 The download file is named: SecUpd2010-006Snow.dmg Its SHA-1 digest is: 84e2c0b95e932be42360273f99581ecf2c25fe34 Security Update 2010-006 is not presented to Mac OS X v10.5 systems. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJMl5etAAoJEGnF2JsdZQeex3AIAKqmmbzoPH5qQ61DWtsNCfs3 4tatrUl3kuM2K42fhYXBi/U4iO/gK3VyPlCeSKkcDhDqF+zZAyQmlnJkNHU48tgJ H9aUOIZ6NHdHYhCtvXBjHq8Luw7DZW7buG8hyTgOdRic/ycaRvIkb98t1Dg9kta6 1wK0dX5zsswyB5s7Fuf4CgCPdD/XDScz/M3SgymTRX/1DqGVv7LFDE8t5zF0SZct Tf8vzhgkKAWKCiBo+UohP5N5kiCMdLfI89BSU//0ORpYBRIhFti+6sebkKigH1/m xsxW9BJk23MvJEj26Q3hRPWSzHnr1Sh6NinAqe2xW0QvfR3EyupRuw6mv+52rJU= =QRae -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com