AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows malicious users to read the Drop Box.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple quicktime 5.0.2 |
||
apple quicktime 6.0 |
||
apple quicktime 6.1 |
||
apple quicktime 6.5 |
||
apple quicktime 6.5.1 |
||
apple mac os x 10.3 |
||
apple mac os x 10.3.1 |
||
apple mac os x 10.3.2 |
||
apple mac os x 10.3.3 |
||
apple mac os x server 10.3.2 |
||
apple mac os x server 10.3.3 |
||
apple mac os x server 10.3.4 |
||
apple mac os x server 10.3.5 |
||
apple mac os x 10.2.6 |
||
apple mac os x 10.2.8 |
||
apple mac os x 10.3.4 |
||
apple mac os x server 10.2 |
||
apple mac os x server 10.2.7 |
||
apple mac os x server 10.3 |
||
apple mac os x 10.2.1 |
||
apple mac os x 10.2.2 |
||
apple mac os x 10.2.3 |
||
apple mac os x 10.2.4 |
||
apple mac os x server 10.2.2 |
||
apple mac os x server 10.2.3 |
||
apple mac os x server 10.2.4 |
||
apple mac os x server 10.2.5 |
||
apple mac os x server 10.2.6 |
||
apple mac os x 10.2 |
||
apple mac os x 10.2.5 |
||
apple mac os x 10.2.7 |
||
apple mac os x 10.3.5 |
||
apple mac os x server 10.2.1 |
||
apple mac os x server 10.2.8 |
||
apple mac os x server 10.3.1 |
Vulmon