APPLE-SA-2010-09-20-1 Security Update 2010-006

"Security Update 2010-006 is now available and addresses the

CVE-ID: CVE-2010-1820
Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact: A remote attacker may access AFP shared folders without a
valid password
Description: An error handling issue exists in AFP Server. A remote
attacker with knowledge of an account name on a target system may
bypass the password validation and access AFP shared folders. By
default, File Sharing is not enabled. This issue does not affect
systems prior to Mac OS X v10.6.

Security Update 2010-006 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:

For Mac OS X v10.6.4 and Mac OS X Server v10.6.4
The download file is named: SecUpd2010-006Snow.dmg
Its SHA-1 digest is: 84e2c0b95e932be42360273f99581ecf2c25fe34

Security Update 2010-006 is not presented to Mac OS X v10.5 systems.

Information will also be posted to the Apple Security Updates
web site:"

It is recommended that AFP users update their OS X v10.6 to the latest
version as soon as possible, especially if they are sharing files with
their Mac.