All the vulnerabilites related to OpenAFS - OpenAFS
cve-2024-10397
Vulnerability from cvelistv5
Published
2024-11-14 19:33
Modified
2024-11-21 16:10
Severity ?
EPSS score ?
Summary
A malicious server can crash the OpenAFS cache manager and other client
utilities, and possibly execute arbitrary code.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T15:46:42.562778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:10:11.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenAFS",
"vendor": "OpenAFS",
"versions": [
{
"lessThanOrEqual": "1.6.24",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.8.12.2",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.9.1",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-11-12T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "A malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:33:15.462Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-10397",
"datePublished": "2024-11-14T19:33:15.462Z",
"dateReserved": "2024-10-25T19:25:51.800Z",
"dateUpdated": "2024-11-21T16:10:11.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8312
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2016/dsa-3569 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16 | x_refsource_CONFIRM | |
| http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3569",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-13T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3569",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3569",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"name": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
},
{
"name": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca",
"refsource": "CONFIRM",
"url": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8312",
"datePublished": "2016-05-13T16:00:00",
"dateReserved": "2015-11-21T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17432
Vulnerability from cvelistv5
Published
2017-12-06 00:00
Modified
2024-08-05 20:51
Severity ?
EPSS score ?
Summary
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt | x_refsource_CONFIRM | |
| https://bugs.debian.org/883602 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2017/dsa-4067 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/883602"
},
{
"name": "DSA-4067",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-4067"
},
{
"name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1213-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/883602"
},
{
"name": "DSA-4067",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-4067"
},
{
"name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1213-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
},
{
"name": "https://bugs.debian.org/883602",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/883602"
},
{
"name": "DSA-4067",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4067"
},
{
"name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1213-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17432",
"datePublished": "2017-12-06T00:00:00",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-08-05T20:51:31.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16947
Vulnerability from cvelistv5
Published
2018-09-12 01:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4302 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:58.033Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt",
"refsource": "CONFIRM",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16947",
"datePublished": "2018-09-12T01:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:39:58.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1794
Vulnerability from cvelistv5
Published
2013-03-12 16:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt | x_refsource_CONFIRM | |
| http://secunia.com/advisories/52480 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/52342 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2013/dsa-2638 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/58299 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82582 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
},
{
"name": "52480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52480"
},
{
"name": "52342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52342"
},
{
"name": "DSA-2638",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "58299",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58299"
},
{
"name": "openafs-fileserver-bo(82582)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
},
{
"name": "52480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52480"
},
{
"name": "52342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52342"
},
{
"name": "DSA-2638",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "58299",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58299"
},
{
"name": "openafs-fileserver-bo(82582)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
},
{
"name": "52480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52480"
},
{
"name": "52342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52342"
},
{
"name": "DSA-2638",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "MDVSA-2014:244",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "58299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58299"
},
{
"name": "openafs-fileserver-bo(82582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1794",
"datePublished": "2013-03-12T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7763
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 07:59
Severity ?
EPSS score ?
Summary
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15 | x_refsource_CONFIRM | |
| https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt | x_refsource_CONFIRM | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1034039 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2015/dsa-3387 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
},
{
"name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
},
{
"name": "1034039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034039"
},
{
"name": "DSA-3387",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
},
{
"name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
},
{
"name": "1034039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034039"
},
{
"name": "DSA-3387",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
},
{
"name": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
},
{
"name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
},
{
"name": "1034039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034039"
},
{
"name": "DSA-3387",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7763",
"datePublished": "2015-11-06T21:00:00",
"dateReserved": "2015-10-08T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1251
Vulnerability from cvelistv5
Published
2009-04-09 00:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2011/0117 | vdb-entry, x_refsource_VUPEN | |
| http://www.openafs.org/security/OPENAFS-SA-2009-001.txt | x_refsource_CONFIRM | |
| http://www.openafs.org/security/openafs-sa-2009-001.patch | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/0984 | vdb-entry, x_refsource_VUPEN | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:099 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/34407 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/34655 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1768 | vendor-advisory, x_refsource_DEBIAN | |
| http://security.gentoo.org/glsa/glsa-201101-05.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/34684 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/42896 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0117",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
},
{
"name": "ADV-2009-0984",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0984"
},
{
"name": "MDVSA-2009:099",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
},
{
"name": "34407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34407"
},
{
"name": "34655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34655"
},
{
"name": "DSA-1768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1768"
},
{
"name": "GLSA-201101-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
},
{
"name": "34684",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34684"
},
{
"name": "42896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-16T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0117",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
},
{
"name": "ADV-2009-0984",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0984"
},
{
"name": "MDVSA-2009:099",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
},
{
"name": "34407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34407"
},
{
"name": "34655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34655"
},
{
"name": "DSA-1768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1768"
},
{
"name": "GLSA-201101-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
},
{
"name": "34684",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34684"
},
{
"name": "42896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42896"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0117"
},
{
"name": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
},
{
"name": "http://www.openafs.org/security/openafs-sa-2009-001.patch",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
},
{
"name": "ADV-2009-0984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0984"
},
{
"name": "MDVSA-2009:099",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
},
{
"name": "34407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34407"
},
{
"name": "34655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34655"
},
{
"name": "DSA-1768",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1768"
},
{
"name": "GLSA-201101-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
},
{
"name": "34684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34684"
},
{
"name": "42896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42896"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1251",
"datePublished": "2009-04-09T00:00:00",
"dateReserved": "2009-04-06T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16949
Vulnerability from cvelistv5
Published
2018-09-12 01:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106375 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html | mailing-list, x_refsource_MLIST | |
| http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt | x_refsource_CONFIRM | |
| https://www.debian.org/security/2018/dsa-4302 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:58.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106375"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-02T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106375"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106375"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt",
"refsource": "CONFIRM",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
},
{
"name": "DSA-4302",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16949",
"datePublished": "2018-09-12T01:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:39:58.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-2852
Vulnerability from cvelistv5
Published
2014-04-14 15:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog | x_refsource_CONFIRM | |
| http://www.debian.org/security/2014/dsa-2899 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
},
{
"name": "DSA-2899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-14T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
},
{
"name": "DSA-2899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
},
{
"name": "DSA-2899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2852",
"datePublished": "2014-04-14T15:00:00Z",
"dateReserved": "2014-04-14T00:00:00Z",
"dateUpdated": "2024-09-17T00:26:40.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9772
Vulnerability from cvelistv5
Published
2017-02-06 17:00
Modified
2024-08-06 02:59
Severity ?
EPSS score ?
Summary
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/02/9 | mailing-list, x_refsource_MLIST | |
| https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94651 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
},
{
"name": "94651",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-06T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
},
{
"name": "94651",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
},
{
"name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
},
{
"name": "94651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-9772",
"datePublished": "2017-02-06T17:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-08-06T02:59:03.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4135
Vulnerability from cvelistv5
Published
2013-11-05 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt | x_refsource_CONFIRM | |
| http://www.debian.org/security/2013/dsa-2729 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
},
{
"name": "DSA-2729",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2729"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
},
{
"name": "DSA-2729",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2729"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
},
{
"name": "DSA-2729",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2729"
},
{
"name": "MDVSA-2014:244",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4135",
"datePublished": "2013-11-05T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0028
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ESA-20030321-010",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
},
{
"name": "MDKSA-2003:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
},
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "CA-2003-10",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-10.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
},
{
"name": "DSA-282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-282"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "SuSE-SA:2003:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
},
{
"name": "20030319 RE: EEYE: XDR Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "AD20030318",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
},
{
"name": "VU#516825",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/516825"
},
{
"name": "20030325 GLSA: glibc (200303-22)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
},
{
"name": "NetBSD-SA2003-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
},
{
"name": "2003-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
},
{
"name": "20030331 GLSA: dietlibc (200303-29)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:230",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "RHSA-2003:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
},
{
"name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
},
{
"name": "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
},
{
"name": "DSA-272",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ESA-20030321-010",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
},
{
"name": "MDKSA-2003:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
},
{
"name": "RHSA-2003:052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "CA-2003-10",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-10.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
},
{
"name": "DSA-282",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-282"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "SuSE-SA:2003:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
},
{
"name": "20030319 RE: EEYE: XDR Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
},
{
"name": "RHSA-2003:091",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "AD20030318",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
},
{
"name": "VU#516825",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/516825"
},
{
"name": "20030325 GLSA: glibc (200303-22)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
},
{
"name": "NetBSD-SA2003-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
},
{
"name": "2003-0014",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
},
{
"name": "20030331 GLSA: dietlibc (200303-29)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
},
{
"name": "RHSA-2003:051",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:230",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
},
{
"name": "DSA-266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "RHSA-2003:089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
},
{
"name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
},
{
"name": "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
},
{
"name": "DSA-272",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ESA-20030321-010",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
},
{
"name": "MDKSA-2003:037",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
},
{
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "CA-2003-10",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-10.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20150122-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
},
{
"name": "DSA-282",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-282"
},
{
"name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "SuSE-SA:2003:027",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
},
{
"name": "20030319 RE: EEYE: XDR Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
},
{
"name": "RHSA-2003:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "AD20030318",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
},
{
"name": "VU#516825",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/516825"
},
{
"name": "20030325 GLSA: glibc (200303-22)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
},
{
"name": "NetBSD-SA2003-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
},
{
"name": "2003-0014",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
},
{
"name": "20030331 GLSA: dietlibc (200303-29)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
},
{
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:230",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
},
{
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "RHSA-2003:089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
},
{
"name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
},
{
"name": "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
},
{
"name": "DSA-272",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0028",
"datePublished": "2003-03-21T05:00:00",
"dateReserved": "2003-01-10T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0430
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/46428 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2011/dsa-2168 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.vupen.com/english/advisories/2011/0410 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/43371 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1025095 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2011/0411 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/43407 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:09.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46428",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46428"
},
{
"name": "DSA-2168",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2168"
},
{
"name": "ADV-2011-0410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0410"
},
{
"name": "43371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43371"
},
{
"name": "1025095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025095"
},
{
"name": "ADV-2011-0411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0411"
},
{
"name": "43407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46428",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46428"
},
{
"name": "DSA-2168",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2168"
},
{
"name": "ADV-2011-0410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0410"
},
{
"name": "43371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43371"
},
{
"name": "1025095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025095"
},
{
"name": "ADV-2011-0411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0411"
},
{
"name": "43407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46428"
},
{
"name": "DSA-2168",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2168"
},
{
"name": "ADV-2011-0410",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0410"
},
{
"name": "43371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43371"
},
{
"name": "1025095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025095"
},
{
"name": "ADV-2011-0411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0411"
},
{
"name": "43407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0430",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-01-12T00:00:00",
"dateUpdated": "2024-08-06T21:51:09.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6599
Vulnerability from cvelistv5
Published
2008-01-04 02:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27132"
},
{
"name": "SUSE-SR:2008:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "[OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
},
{
"name": "28401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28401"
},
{
"name": "28327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
},
{
"name": "GLSA-200801-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
},
{
"name": "28433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28433"
},
{
"name": "DSA-1458",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1458"
},
{
"name": "MDVSA-2008:207",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
},
{
"name": "ADV-2008-0046",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0046"
},
{
"name": "28636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27132"
},
{
"name": "SUSE-SR:2008:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "[OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
},
{
"name": "28401",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28401"
},
{
"name": "28327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
},
{
"name": "GLSA-200801-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
},
{
"name": "28433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28433"
},
{
"name": "DSA-1458",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1458"
},
{
"name": "MDVSA-2008:207",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
},
{
"name": "ADV-2008-0046",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0046"
},
{
"name": "28636",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27132"
},
{
"name": "SUSE-SR:2008:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "[OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver",
"refsource": "MLIST",
"url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
},
{
"name": "28401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28401"
},
{
"name": "28327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28327"
},
{
"name": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
},
{
"name": "GLSA-200801-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
},
{
"name": "28433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28433"
},
{
"name": "DSA-1458",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1458"
},
{
"name": "MDVSA-2008:207",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
},
{
"name": "ADV-2008-0046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0046"
},
{
"name": "28636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6599",
"datePublished": "2008-01-04T02:00:00",
"dateReserved": "2007-12-31T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3285
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1033262 | vdb-entry, x_refsource_SECTRACK | |
| https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3320 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
},
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
},
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
},
{
"name": "1033262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033262"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3285",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16948
Vulnerability from cvelistv5
Published
2018-09-12 01:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2018/dsa-4302 | vendor-advisory, x_refsource_DEBIAN | |
| http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:57.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-24T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
},
{
"name": "DSA-4302",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4302"
},
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
"refsource": "CONFIRM",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16948",
"datePublished": "2018-09-12T01:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:39:57.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7762
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 07:58
Severity ?
EPSS score ?
Summary
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15 | x_refsource_CONFIRM | |
| https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt | x_refsource_CONFIRM | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1034039 | vdb-entry, x_refsource_SECTRACK | |
| http://www.debian.org/security/2015/dsa-3387 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
},
{
"name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
},
{
"name": "1034039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034039"
},
{
"name": "DSA-3387",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
},
{
"name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
},
{
"name": "1034039",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034039"
},
{
"name": "DSA-3387",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
},
{
"name": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
},
{
"name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
},
{
"name": "1034039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034039"
},
{
"name": "DSA-3387",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7762",
"datePublished": "2015-11-06T21:00:00",
"dateReserved": "2015-10-08T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4134
Vulnerability from cvelistv5
Published
2013-11-05 21:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2013/dsa-2729 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2729",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2729"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2729",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2729"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2729",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2729"
},
{
"name": "MDVSA-2014:244",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4134",
"datePublished": "2013-11-05T21:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3282
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033262 | vdb-entry, x_refsource_SECTRACK | |
| https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 | x_refsource_CONFIRM | |
| http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3320 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033262"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
},
{
"name": "DSA-3320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3282",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10394
Vulnerability from cvelistv5
Published
2024-11-14 19:07
Modified
2024-11-21 16:11
Severity ?
EPSS score ?
Summary
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T15:59:42.509613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:11:52.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "OpenAFS",
"product": "OpenAFS",
"vendor": "OpenAFS",
"versions": [
{
"lessThanOrEqual": "1.6.24",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.8.12.2",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.9.1",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrew Deason"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "A local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:07:50.492Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-10394",
"datePublished": "2024-11-14T19:07:50.492Z",
"dateReserved": "2024-10-25T18:51:34.290Z",
"dateUpdated": "2024-11-21T16:11:52.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1795
Vulnerability from cvelistv5
Published
2013-03-12 16:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/52480 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82585 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/52342 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2013/dsa-2638 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/58300 | vdb-entry, x_refsource_BID | |
| http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52480"
},
{
"name": "openafs-ptserver-overflow(82585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
},
{
"name": "52342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52342"
},
{
"name": "DSA-2638",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "58300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58300"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "52480",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52480"
},
{
"name": "openafs-ptserver-overflow(82585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
},
{
"name": "52342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52342"
},
{
"name": "DSA-2638",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "58300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58300"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52480"
},
{
"name": "openafs-ptserver-overflow(82585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
},
{
"name": "52342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52342"
},
{
"name": "DSA-2638",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2638"
},
{
"name": "58300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58300"
},
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
},
{
"name": "MDVSA-2014:244",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1795",
"datePublished": "2013-03-12T16:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2860
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt | x_refsource_CONFIRM | |
| http://www.debian.org/security/2016/dsa-3569 | vendor-advisory, x_refsource_DEBIAN | |
| https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17 | x_refsource_CONFIRM | |
| http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0 | x_refsource_CONFIRM | |
| https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
},
{
"name": "DSA-3569",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-13T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
},
{
"name": "DSA-3569",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
},
{
"name": "DSA-3569",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3569"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"name": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0",
"refsource": "CONFIRM",
"url": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2860",
"datePublished": "2016-05-13T16:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3283
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033262 | vdb-entry, x_refsource_SECTRACK | |
| https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3320 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html | mailing-list, x_refsource_MLIST | |
| http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033262"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
},
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3283",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4536
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt | x_refsource_CONFIRM | |
| https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17 | x_refsource_CONFIRM | |
| https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-13T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
},
{
"name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-4536",
"datePublished": "2016-05-13T16:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10396
Vulnerability from cvelistv5
Published
2024-11-14 19:30
Modified
2024-11-21 16:10
Severity ?
EPSS score ?
Summary
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T15:58:56.619532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:10:33.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenAFS",
"vendor": "OpenAFS",
"versions": [
{
"lessThanOrEqual": "1.6.24",
"status": "affected",
"version": "1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.8.12.2",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.9.1",
"status": "affected",
"version": "1.9.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-11-12T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eAn authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "An authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:30:53.832Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL RPC, causing the fileserver to crash",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2024-10396",
"datePublished": "2024-11-14T19:30:53.832Z",
"dateReserved": "2024-10-25T19:25:45.524Z",
"dateUpdated": "2024-11-21T16:10:33.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18603
Vulnerability from cvelistv5
Published
2019-10-29 13:41
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T01:06:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt",
"refsource": "MISC",
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18603",
"datePublished": "2019-10-29T13:41:35",
"dateReserved": "2019-10-29T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1250
Vulnerability from cvelistv5
Published
2009-04-09 00:00
Modified
2024-08-07 05:04
Severity ?
EPSS score ?
Summary
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0117",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
},
{
"name": "ADV-2009-0984",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0984"
},
{
"name": "MDVSA-2009:099",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
},
{
"name": "34404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34404"
},
{
"name": "36310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36310"
},
{
"name": "34655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34655"
},
{
"name": "DSA-1768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1768"
},
{
"name": "ID71123",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
},
{
"name": "GLSA-201101-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
},
{
"name": "34684",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34684"
},
{
"name": "42896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-16T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2011-0117",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
},
{
"name": "ADV-2009-0984",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0984"
},
{
"name": "MDVSA-2009:099",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
},
{
"name": "34404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34404"
},
{
"name": "36310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36310"
},
{
"name": "34655",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34655"
},
{
"name": "DSA-1768",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1768"
},
{
"name": "ID71123",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
},
{
"name": "GLSA-201101-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
},
{
"name": "34684",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34684"
},
{
"name": "42896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42896"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2011-0117",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0117"
},
{
"name": "http://www.openafs.org/security/openafs-sa-2009-002.patch",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
},
{
"name": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
},
{
"name": "ADV-2009-0984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0984"
},
{
"name": "MDVSA-2009:099",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
},
{
"name": "34404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34404"
},
{
"name": "36310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36310"
},
{
"name": "34655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34655"
},
{
"name": "DSA-1768",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1768"
},
{
"name": "ID71123",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
},
{
"name": "GLSA-201101-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
},
{
"name": "34684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34684"
},
{
"name": "42896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42896"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1250",
"datePublished": "2009-04-09T00:00:00",
"dateReserved": "2009-04-06T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18602
Vulnerability from cvelistv5
Published
2019-10-29 13:41
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T01:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt",
"refsource": "MISC",
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18602",
"datePublished": "2019-10-29T13:41:48",
"dateReserved": "2019-10-29T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18601
Vulnerability from cvelistv5
Published
2019-10-29 13:40
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
References
| ▼ | URL | Tags |
|---|---|---|
| https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T01:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt",
"refsource": "MISC",
"url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
},
{
"name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18601",
"datePublished": "2019-10-29T13:40:31",
"dateReserved": "2019-10-29T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0159
Vulnerability from cvelistv5
Published
2014-04-14 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt | x_refsource_CONFIRM | |
| http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog | x_refsource_CONFIRM | |
| http://secunia.com/advisories/57779 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/57832 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2014/dsa-2899 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
},
{
"name": "57779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57779"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "57832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57832"
},
{
"name": "DSA-2899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
},
{
"name": "57779",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57779"
},
{
"name": "MDVSA-2014:244",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "57832",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57832"
},
{
"name": "DSA-2899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt",
"refsource": "CONFIRM",
"url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
},
{
"name": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
},
{
"name": "57779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57779"
},
{
"name": "MDVSA-2014:244",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
},
{
"name": "57832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57832"
},
{
"name": "DSA-2899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0159",
"datePublished": "2014-04-14T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3284
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033262 | vdb-entry, x_refsource_SECTRACK | |
| https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 | x_refsource_CONFIRM | |
| http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3320 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033262"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
},
{
"name": "DSA-3320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3284",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1507
Vulnerability from cvelistv5
Published
2007-03-20 10:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1033"
},
{
"name": "24582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24582"
},
{
"name": "1017807",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017807"
},
{
"name": "[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
},
{
"name": "openafs-setuid-privilege-escalation(33180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
},
{
"name": "DSA-1271",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1271"
},
{
"name": "24720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24720"
},
{
"name": "[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
},
{
"name": "24607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24607"
},
{
"name": "GLSA-200704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
},
{
"name": "[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
},
{
"name": "MDKSA-2007:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
},
{
"name": "24599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24599"
},
{
"name": "23060",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1033",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1033"
},
{
"name": "24582",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24582"
},
{
"name": "1017807",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017807"
},
{
"name": "[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
},
{
"name": "openafs-setuid-privilege-escalation(33180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
},
{
"name": "DSA-1271",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1271"
},
{
"name": "24720",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24720"
},
{
"name": "[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
},
{
"name": "24607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24607"
},
{
"name": "GLSA-200704-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
},
{
"name": "[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
},
{
"name": "MDKSA-2007:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
},
{
"name": "24599",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24599"
},
{
"name": "23060",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1033"
},
{
"name": "24582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24582"
},
{
"name": "1017807",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017807"
},
{
"name": "[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available",
"refsource": "MLIST",
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
},
{
"name": "openafs-setuid-privilege-escalation(33180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
},
{
"name": "DSA-1271",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1271"
},
{
"name": "24720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24720"
},
{
"name": "[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available",
"refsource": "MLIST",
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
},
{
"name": "24607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24607"
},
{
"name": "GLSA-200704-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
},
{
"name": "[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients",
"refsource": "MLIST",
"url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
},
{
"name": "MDKSA-2007:066",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
},
{
"name": "24599",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24599"
},
{
"name": "23060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1507",
"datePublished": "2007-03-20T10:00:00",
"dateReserved": "2007-03-20T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4044
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://gerrit.openafs.org/#change%2C11283 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/06/13/3 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/68003 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2014/06/12/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:04:27.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://gerrit.openafs.org/#change%2C11283"
},
{
"name": "[oss-security] 20140613 Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
},
{
"name": "68003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68003"
},
{
"name": "[oss-security] 20140611 CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-18T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://gerrit.openafs.org/#change%2C11283"
},
{
"name": "[oss-security] 20140613 Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
},
{
"name": "68003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68003"
},
{
"name": "[oss-security] 20140611 CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gerrit.openafs.org/#change,11283",
"refsource": "CONFIRM",
"url": "http://gerrit.openafs.org/#change,11283"
},
{
"name": "[oss-security] 20140613 Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
},
{
"name": "68003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68003"
},
{
"name": "[oss-security] 20140611 CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4044",
"datePublished": "2014-06-17T14:00:00",
"dateReserved": "2014-06-12T00:00:00",
"dateUpdated": "2024-08-06T11:04:27.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3286
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033262 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt | x_refsource_CONFIRM | |
| https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 | x_refsource_CONFIRM | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1033262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033262"
},
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3286",
"datePublished": "2015-08-12T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6587
Vulnerability from cvelistv5
Published
2015-09-02 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt | x_refsource_CONFIRM | |
| https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2015/dsa-3320 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-02T06:57:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-6587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt",
"refsource": "CONFIRM",
"url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
},
{
"name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
"refsource": "CONFIRM",
"url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
},
{
"name": "DSA-3320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3320"
},
{
"name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
"refsource": "MLIST",
"url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-6587",
"datePublished": "2015-09-02T10:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0431
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:51
Severity ?
EPSS score ?
Summary
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/46428 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2011/dsa-2168 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.vupen.com/english/advisories/2011/0410 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/43371 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1025095 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2011/0411 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/43407 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46428",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46428"
},
{
"name": "DSA-2168",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2168"
},
{
"name": "ADV-2011-0410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0410"
},
{
"name": "43371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43371"
},
{
"name": "1025095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025095"
},
{
"name": "ADV-2011-0411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0411"
},
{
"name": "43407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43407"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46428",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46428"
},
{
"name": "DSA-2168",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2168"
},
{
"name": "ADV-2011-0410",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0410"
},
{
"name": "43371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43371"
},
{
"name": "1025095",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025095"
},
{
"name": "ADV-2011-0411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0411"
},
{
"name": "43407",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43407"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46428"
},
{
"name": "DSA-2168",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2168"
},
{
"name": "ADV-2011-0410",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0410"
},
{
"name": "43371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43371"
},
{
"name": "1025095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025095"
},
{
"name": "ADV-2011-0411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0411"
},
{
"name": "43407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43407"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0431",
"datePublished": "2011-02-18T23:00:00",
"dateReserved": "2011-01-12T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}