Apple Computer fixed a vulnerability in its Xsan storage area network software that could enable attackers to execute malicious code on computers connected to the filesystem. Xsan is a enterprise storage area network (SAN) solution for the Mac OS X and Mac OS X Server operating systems that"s commonly used in professional video production, government, and education environments. Xsan"s filesystem can link up to 64 machines, share RAID storage volumes, and enable each client to write directly to the centralized file system.
The buffer overflow vulnerability affects the filesystem driver when processing certain unspecified path names, and an attacker would have to have write access to the system in order to exploit the flaw, Symantec said Thursday in a Deepsight Threat Management System bulletin.