Description
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
Affected products
- Apple / mac_os_x10.3.1 – 10.3.1
- Apple / mac_os_x10.3.5 – 10.3.5
- Apple / mac_os_x10.3.4 – 10.3.4
- Apple / mac_os_x10.3.3 – 10.3.3
- Apple / mac_os_x10.3.2 – 10.3.2
- Apple / mac_os_x10.2 – 10.2
- Apple / mac_os_x10.2.1 – 10.2.1
- Apple / mac_os_x10.2.2 – 10.2.2
- Apple / mac_os_x10.2.3 – 10.2.3
- Apple / mac_os_x10.2.4 – 10.2.4
- Apple / mac_os_x10.2.5 – 10.2.5
- Apple / mac_os_x10.2.6 – 10.2.6
- Apple / mac_os_x10.2.7 – 10.2.7
- Apple / mac_os_x10.2.8 – 10.2.8
- Apple / mac_os_x10.3 – 10.3
- Apple / mac_os_x_server10.3.5 – 10.3.5
- Apple / mac_os_x_server10.3 – 10.3
- Apple / mac_os_x_server10.3.1 – 10.3.1
- Apple / mac_os_x_server10.3.2 – 10.3.2
- Apple / mac_os_x_server10.3.3 – 10.3.3
- Apple / mac_os_x_server10.3.4 – 10.3.4
- Apple / mac_os_x_server10.2 – 10.2
- Apple / mac_os_x_server10.2.1 – 10.2.1
- Apple / mac_os_x_server10.2.2 – 10.2.2
- Apple / mac_os_x_server10.2.3 – 10.2.3
- Apple / mac_os_x_server10.2.4 – 10.2.4
- Apple / mac_os_x_server10.2.5 – 10.2.5
- Apple / mac_os_x_server10.2.6 – 10.2.6
- Apple / mac_os_x_server10.2.7 – 10.2.7
- Apple / mac_os_x_server10.2.8 – 10.2.8
- Apple / quicktime6.5.1 – 6.5.1
- Apple / quicktime6.5 – 6.5
- Apple / quicktime6.1 – 6.1
- Apple / quicktime6.0 – 6.0
- Apple / quicktime5.0.2 – 5.0.2