=====================================================================
                            CERT-Renater

                 Information Note No. 2010/VULN369
_____________________________________________________________________

DATE                 : 21/09/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Mac OS X v10.6.4, Mac OS X Server v10.6.4.

======================================================================
http://support.apple.com/kb/HT4361
______________________________________________________________________

APPLE-SA-2010-09-20-1 Security Update 2010-006

Security Update 2010-006 is now available and addresses the
following:

AFP
CVE-ID: CVE-2010-1820
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A remote attacker may access AFP shared folders without a
valid password
Description: An error handling issue exists in AFP Server. A remote
attacker with knowledge of an account name on a target system may
bypass the password validation and access AFP shared folders. By
default, File Sharing is not enabled. This issue does not affect
systems prior to Mac OS X v10.6.

Security Update 2010-006 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6.4 and Mac OS X Server v10.6.4
The download file is named: SecUpd2010-006Snow.dmg
Its SHA-1 digest is: 84e2c0b95e932be42360273f99581ecf2c25fe34

Security Update 2010-006 is not presented to Mac OS X v10.5 systems.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================