CVE-2005-1720

Name of the Vulnerable Software and Affected Versions AFP Server for Mac OS X version 10.4.1

Description The issue arises when using an ACL enabled volume with the AFP Server for Mac OS X. Specifically, it does not properly remove an ACL when a file is copied to a directory that does not use ACLs. This results in the ACL overriding the POSIX file permissions for that ACL.

Recommendations For AFP Server for Mac OS X version 10.4.1, consider disabling ACL support on volumes as a temporary workaround until a patch is available. Restrict access to directories that do not use ACLs to minimize the risk of exploitation. Avoid using ACL enabled volumes for file copying operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.