AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
来源:NVD
Mac OS X是苹果家族机器所使用的操作系统。 Mac OS的AFP Server存在权限许可和访问控制漏洞。AFP Server没有在禁用了guest访问的时候阻止guest使用AFP共享,这允许远程攻击者通过mount请求绕过预期的访问限制。