Apple patches two Mac server holes

Apple Computer warned users on Monday that security vulnerabilities had been found in the file-sharing server software and the directory-services software that are provided with the Mac OS X Server operating system.

When the server shares files that use the network file system (NFS) or the Unix file system (UFS) through the Apple File Service, a flaw could allow a remote user to overwrite arbitrary files, the Cupertino, Calif.-based company said. When logging into the server's directory services, the software could send the password in clear text, not encrypted, as it should do. Apple released a patch for the software, available on its Web site.