CVE-2004-0921
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
Date published : 2004-10-28
http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html