Description
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
Affected products
- Apple / mac_os_x10.3.1 – 10.3.1
- Apple / mac_os_x10.3.5 – 10.3.5
- Apple / mac_os_x10.3.4 – 10.3.4
- Apple / mac_os_x10.3.3 – 10.3.3
- Apple / mac_os_x10.3.2 – 10.3.2
- Apple / mac_os_x10.2 – 10.2
- Apple / mac_os_x10.2.1 – 10.2.1
- Apple / mac_os_x10.2.2 – 10.2.2
- Apple / mac_os_x10.2.3 – 10.2.3
- Apple / mac_os_x10.2.4 – 10.2.4
- Apple / mac_os_x10.2.5 – 10.2.5
- Apple / mac_os_x10.2.6 – 10.2.6
- Apple / mac_os_x10.2.7 – 10.2.7
- Apple / mac_os_x10.2.8 – 10.2.8
- Apple / mac_os_x10.3 – 10.3
- Apple / mac_os_x_server10.3.5 – 10.3.5
- Apple / mac_os_x_server10.3 – 10.3
- Apple / mac_os_x_server10.3.1 – 10.3.1
- Apple / mac_os_x_server10.3.2 – 10.3.2
- Apple / mac_os_x_server10.3.3 – 10.3.3
- Apple / mac_os_x_server10.3.4 – 10.3.4
- Apple / mac_os_x_server10.2 – 10.2
- Apple / mac_os_x_server10.2.1 – 10.2.1
- Apple / mac_os_x_server10.2.2 – 10.2.2
- Apple / mac_os_x_server10.2.3 – 10.2.3
- Apple / mac_os_x_server10.2.4 – 10.2.4
- Apple / mac_os_x_server10.2.5 – 10.2.5
- Apple / mac_os_x_server10.2.6 – 10.2.6
- Apple / mac_os_x_server10.2.7 – 10.2.7
- Apple / mac_os_x_server10.2.8 – 10.2.8
- Apple / quicktime6.5.1 – 6.5.1
- Apple / quicktime6.5 – 6.5
- Apple / quicktime6.1 – 6.1
- Apple / quicktime6.0 – 6.0
- Apple / quicktime5.0.2 – 5.0.2