CVE-2004-0922

Name of the Vulnerable Software and Affected Versions: AFP Server on Mac OS X versions 10.3.x through 10.3.5

Description: The issue arises when the AFP Server on Mac OS X does not properly set the guest group ID under certain conditions. This causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest. As a result, attackers can read the Drop Box.

Recommendations: For Mac OS X versions 10.3.x through 10.3.5, consider restricting access to the AFP Drop Box to prevent unauthorized reading of its contents. Additionally, limit the use of guest-mounted shares to minimize the risk of exploitation.