CVE-2008-1027 | Vulnerability Database | Aqua Security

Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.4.11 (including)	10.4.11 (including)
Mac_os_x	Apple	10.5 (including)	10.5 (including)
Mac_os_x	Apple	10.5.1 (including)	10.5.1 (including)
Mac_os_x	Apple	10.5.2 (including)	10.5.2 (including)
Mac_os_x_server	Apple	10.4.11 (including)	10.4.11 (including)
Mac_os_x_server	Apple	10.5 (including)	10.5 (including)
Mac_os_x_server	Apple	10.5.1 (including)	10.5.1 (including)
Mac_os_x_server	Apple	10.5.2 (including)	10.5.2 (including)

References

http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/30430
http://securitytracker.com/id?1020130
http://www.securityfocus.com/bid/29412
http://www.securityfocus.com/bid/29490
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697
https://exchange.xforce.ibmcloud.com/vulnerabilities/42703

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1027
CWE	https://cwe.mitre.org/data/definitions/264.html