Vulnerabilities related to openafs - openafs
cve-2014-4044
Vulnerability from cvelistv5
Published
2014-06-17 14:00
Modified
2024-08-06 11:04
Severity ?
Summary
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:27.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://gerrit.openafs.org/#change%2C11283"
          },
          {
            "name": "[oss-security] 20140613 Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
          },
          {
            "name": "68003",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68003"
          },
          {
            "name": "[oss-security] 20140611 CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-18T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://gerrit.openafs.org/#change%2C11283"
        },
        {
          "name": "[oss-security] 20140613 Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
        },
        {
          "name": "68003",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68003"
        },
        {
          "name": "[oss-security] 20140611 CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4044",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://gerrit.openafs.org/#change,11283",
              "refsource": "CONFIRM",
              "url": "http://gerrit.openafs.org/#change,11283"
            },
            {
              "name": "[oss-security] 20140613 Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
            },
            {
              "name": "68003",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/68003"
            },
            {
              "name": "[oss-security] 20140611 CVE request: OpenAFS 1.6.8 TMAY fileserver crashes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4044",
    "datePublished": "2014-06-17T14:00:00",
    "dateReserved": "2014-06-12T00:00:00",
    "dateUpdated": "2024-08-06T11:04:27.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0431
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:51
Severity ?
Summary
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.
References
http://www.securityfocus.com/bid/46428 (vdb-entry, x_refsource_BID)
http://www.debian.org/security/2011/dsa-2168 (vendor-advisory, x_refsource_DEBIAN)
http://www.vupen.com/english/advisories/2011/0410 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/43371 (third-party-advisory, x_refsource_SECUNIA)
http://www.securitytracker.com/id?1025095 (vdb-entry, x_refsource_SECTRACK)
http://www.vupen.com/english/advisories/2011/0411 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/43407 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:08.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46428",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46428"
          },
          {
            "name": "DSA-2168",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2168"
          },
          {
            "name": "ADV-2011-0410",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0410"
          },
          {
            "name": "43371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43371"
          },
          {
            "name": "1025095",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025095"
          },
          {
            "name": "ADV-2011-0411",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0411"
          },
          {
            "name": "43407",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-03-11T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "46428",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46428"
        },
        {
          "name": "DSA-2168",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2168"
        },
        {
          "name": "ADV-2011-0410",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0410"
        },
        {
          "name": "43371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43371"
        },
        {
          "name": "1025095",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025095"
        },
        {
          "name": "ADV-2011-0411",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0411"
        },
        {
          "name": "43407",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0431",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46428",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46428"
            },
            {
              "name": "DSA-2168",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2168"
            },
            {
              "name": "ADV-2011-0410",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0410"
            },
            {
              "name": "43371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43371"
            },
            {
              "name": "1025095",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025095"
            },
            {
              "name": "ADV-2011-0411",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0411"
            },
            {
              "name": "43407",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0431",
    "datePublished": "2011-02-18T23:00:00",
    "dateReserved": "2011-01-12T00:00:00",
    "dateUpdated": "2024-08-06T21:51:08.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3283
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
Summary
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.149Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
          },
          {
            "name": "DSA-3320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3320"
          },
          {
            "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1033262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
        },
        {
          "name": "DSA-3320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3320"
        },
        {
          "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033262"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
            },
            {
              "name": "DSA-3320",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3320"
            },
            {
              "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
            },
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3283",
    "datePublished": "2015-08-12T14:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10397
Vulnerability from cvelistv5
Published
2024-11-14 19:33
Modified
2024-11-21 16:10
Summary
A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.
Impacted products
Vendor Product Version
OpenAFS OpenAFS Version: 1.0 through 1.6.24 (inclusive)
Version: 1.8.0 through 1.8.12.2 (inclusive)
Version: 1.9.0 through 1.9.1 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:46:42.562778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:10:11.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenAFS",
          "vendor": "OpenAFS",
          "versions": [
            {
              "lessThanOrEqual": "1.6.24",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.8.12.2",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.9.1",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003eA malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code.\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "A malicious server can crash the OpenAFS cache manager and other client\nutilities, and possibly execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T19:33:15.462Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2024-10397",
    "datePublished": "2024-11-14T19:33:15.462Z",
    "dateReserved": "2024-10-25T19:25:51.800Z",
    "dateUpdated": "2024-11-21T16:10:11.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16947
Vulnerability from cvelistv5
Published
2018-09-12 01:00
Modified
2024-08-05 10:39
Severity ?
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:58.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
          },
          {
            "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
          },
          {
            "name": "DSA-4302",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4302"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
        },
        {
          "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
        },
        {
          "name": "DSA-4302",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4302"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt",
              "refsource": "CONFIRM",
              "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
            },
            {
              "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
            },
            {
              "name": "DSA-4302",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4302"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16947",
    "datePublished": "2018-09-12T01:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:39:58.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3284
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
Summary
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
          },
          {
            "name": "DSA-3320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3320"
          },
          {
            "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1033262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
        },
        {
          "name": "DSA-3320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3320"
        },
        {
          "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033262"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
            },
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
            },
            {
              "name": "DSA-3320",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3320"
            },
            {
              "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3284",
    "datePublished": "2015-08-12T14:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18602
Vulnerability from cvelistv5
Published
2019-10-29 13:41
Modified
2024-08-05 01:54
Severity ?
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
          },
          {
            "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T01:06:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
        },
        {
          "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18602",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt",
              "refsource": "MISC",
              "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
            },
            {
              "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18602",
    "datePublished": "2019-10-29T13:41:48",
    "dateReserved": "2019-10-29T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2852
Vulnerability from cvelistv5
Published
2014-04-14 15:00
Modified
2024-09-17 00:26
Severity ?
Summary
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.
References
http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog (x_refsource_CONFIRM)
http://www.debian.org/security/2014/dsa-2899 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
          },
          {
            "name": "DSA-2899",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2899"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-14T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
        },
        {
          "name": "DSA-2899",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2899"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2852",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
            },
            {
              "name": "DSA-2899",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2899"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2852",
    "datePublished": "2014-04-14T15:00:00Z",
    "dateReserved": "2014-04-14T00:00:00Z",
    "dateUpdated": "2024-09-17T00:26:40.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10394
Vulnerability from cvelistv5
Published
2024-11-14 19:07
Modified
2024-11-21 16:11
Summary
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.
Impacted products
Vendor Product Version
OpenAFS OpenAFS Version: 1.0 through 1.6.24 (inclusive)
Version: 1.8.0 through 1.8.12.2 (inclusive)
Version: 1.9.0 through 1.9.1 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:59:42.509613Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:11:52.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "OpenAFS",
          "product": "OpenAFS",
          "vendor": "OpenAFS",
          "versions": [
            {
              "lessThanOrEqual": "1.6.24",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.8.12.2",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.9.1",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Deason"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003eA local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG.\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "A local user can bypass the OpenAFS PAG (Process Authentication Group)\nthrottling mechanism in Unix clients, allowing the user to create a PAG using\nan existing id number, effectively joining the PAG and letting the user steal\nthe credentials in that PAG."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190 Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T19:07:50.492Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2024-10394",
    "datePublished": "2024-11-14T19:07:50.492Z",
    "dateReserved": "2024-10-25T18:51:34.290Z",
    "dateUpdated": "2024-11-21T16:11:52.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1507
Vulnerability from cvelistv5
Published
2007-03-20 10:00
Modified
2024-08-07 12:59
Severity ?
Summary
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
References
http://www.vupen.com/english/advisories/2007/1033 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/24582 (third-party-advisory, x_refsource_SECUNIA)
http://www.securitytracker.com/id?1017807 (vdb-entry, x_refsource_SECTRACK)
http://www.openafs.org/pipermail/openafs-announce/2007/000186.html (mailing-list, x_refsource_MLIST)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33180 (vdb-entry, x_refsource_XF)
http://www.debian.org/security/2007/dsa-1271 (vendor-advisory, x_refsource_DEBIAN)
http://secunia.com/advisories/24720 (third-party-advisory, x_refsource_SECUNIA)
http://www.openafs.org/pipermail/openafs-announce/2007/000185.html (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/24607 (third-party-advisory, x_refsource_SECUNIA)
http://security.gentoo.org/glsa/glsa-200704-03.xml (vendor-advisory, x_refsource_GENTOO)
http://www.openafs.org/pipermail/openafs-announce/2007/000187.html (mailing-list, x_refsource_MLIST)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:066 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/24599 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/23060 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-1033",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1033"
          },
          {
            "name": "24582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24582"
          },
          {
            "name": "1017807",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017807"
          },
          {
            "name": "[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
          },
          {
            "name": "openafs-setuid-privilege-escalation(33180)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
          },
          {
            "name": "DSA-1271",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1271"
          },
          {
            "name": "24720",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24720"
          },
          {
            "name": "[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
          },
          {
            "name": "24607",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24607"
          },
          {
            "name": "GLSA-200704-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
          },
          {
            "name": "[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
          },
          {
            "name": "MDKSA-2007:066",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
          },
          {
            "name": "24599",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24599"
          },
          {
            "name": "23060",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-1033",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1033"
        },
        {
          "name": "24582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24582"
        },
        {
          "name": "1017807",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017807"
        },
        {
          "name": "[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
        },
        {
          "name": "openafs-setuid-privilege-escalation(33180)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
        },
        {
          "name": "DSA-1271",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1271"
        },
        {
          "name": "24720",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24720"
        },
        {
          "name": "[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
        },
        {
          "name": "24607",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24607"
        },
        {
          "name": "GLSA-200704-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
        },
        {
          "name": "[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
        },
        {
          "name": "MDKSA-2007:066",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
        },
        {
          "name": "24599",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24599"
        },
        {
          "name": "23060",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-1033",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1033"
            },
            {
              "name": "24582",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24582"
            },
            {
              "name": "1017807",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017807"
            },
            {
              "name": "[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available",
              "refsource": "MLIST",
              "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
            },
            {
              "name": "openafs-setuid-privilege-escalation(33180)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
            },
            {
              "name": "DSA-1271",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1271"
            },
            {
              "name": "24720",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24720"
            },
            {
              "name": "[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available",
              "refsource": "MLIST",
              "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
            },
            {
              "name": "24607",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24607"
            },
            {
              "name": "GLSA-200704-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
            },
            {
              "name": "[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients",
              "refsource": "MLIST",
              "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
            },
            {
              "name": "MDKSA-2007:066",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
            },
            {
              "name": "24599",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24599"
            },
            {
              "name": "23060",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1507",
    "datePublished": "2007-03-20T10:00:00",
    "dateReserved": "2007-03-20T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4536
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-06 00:32
Severity ?
Summary
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:32:25.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
          },
          {
            "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-05-13T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
        },
        {
          "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2016-4536",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
            },
            {
              "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2016-4536",
    "datePublished": "2016-05-13T16:00:00",
    "dateReserved": "2016-05-05T00:00:00",
    "dateUpdated": "2024-08-06T00:32:25.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3286
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
Summary
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
          },
          {
            "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1033262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
        },
        {
          "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3286",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033262"
            },
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
            },
            {
              "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3286",
    "datePublished": "2015-08-12T14:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6599
Vulnerability from cvelistv5
Published
2008-01-04 02:00
Modified
2024-08-07 16:11
Severity ?
Summary
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
References
http://www.securityfocus.com/bid/27132 (vdb-entry, x_refsource_BID)
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html (vendor-advisory, x_refsource_SUSE)
http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/28401 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/28327 (third-party-advisory, x_refsource_SECUNIA)
http://www.openafs.org/security/OPENAFS-SA-2007-003.txt (x_refsource_CONFIRM)
http://security.gentoo.org/glsa/glsa-200801-04.xml (vendor-advisory, x_refsource_GENTOO)
http://secunia.com/advisories/28433 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2008/dsa-1458 (vendor-advisory, x_refsource_DEBIAN)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:207 (vendor-advisory, x_refsource_MANDRIVA)
http://www.vupen.com/english/advisories/2008/0046 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/28636 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:11:06.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27132",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27132"
          },
          {
            "name": "SUSE-SR:2008:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
          },
          {
            "name": "[OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
          },
          {
            "name": "28401",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28401"
          },
          {
            "name": "28327",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
          },
          {
            "name": "GLSA-200801-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
          },
          {
            "name": "28433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28433"
          },
          {
            "name": "DSA-1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1458"
          },
          {
            "name": "MDVSA-2008:207",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
          },
          {
            "name": "ADV-2008-0046",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0046"
          },
          {
            "name": "28636",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28636"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-01-09T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27132",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27132"
        },
        {
          "name": "SUSE-SR:2008:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
        },
        {
          "name": "[OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
        },
        {
          "name": "28401",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28401"
        },
        {
          "name": "28327",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
        },
        {
          "name": "GLSA-200801-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
        },
        {
          "name": "28433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28433"
        },
        {
          "name": "DSA-1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1458"
        },
        {
          "name": "MDVSA-2008:207",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
        },
        {
          "name": "ADV-2008-0046",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0046"
        },
        {
          "name": "28636",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28636"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27132",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27132"
            },
            {
              "name": "SUSE-SR:2008:002",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
            },
            {
              "name": "[OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver",
              "refsource": "MLIST",
              "url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
            },
            {
              "name": "28401",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28401"
            },
            {
              "name": "28327",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28327"
            },
            {
              "name": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
            },
            {
              "name": "GLSA-200801-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
            },
            {
              "name": "28433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28433"
            },
            {
              "name": "DSA-1458",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1458"
            },
            {
              "name": "MDVSA-2008:207",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
            },
            {
              "name": "ADV-2008-0046",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0046"
            },
            {
              "name": "28636",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28636"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6599",
    "datePublished": "2008-01-04T02:00:00",
    "dateReserved": "2007-12-31T00:00:00",
    "dateUpdated": "2024-08-07T16:11:06.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0159
Vulnerability from cvelistv5
Published
2014-04-14 15:00
Modified
2024-08-06 09:05
Severity ?
Summary
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
References
http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt (x_refsource_CONFIRM)
http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog (x_refsource_CONFIRM)
http://secunia.com/advisories/57779 (third-party-advisory, x_refsource_SECUNIA)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/57832 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2014/dsa-2899 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.993Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
          },
          {
            "name": "57779",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57779"
          },
          {
            "name": "MDVSA-2014:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
          },
          {
            "name": "57832",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57832"
          },
          {
            "name": "DSA-2899",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2899"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-19T15:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
        },
        {
          "name": "57779",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57779"
        },
        {
          "name": "MDVSA-2014:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
        },
        {
          "name": "57832",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57832"
        },
        {
          "name": "DSA-2899",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2899"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0159",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt",
              "refsource": "CONFIRM",
              "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
            },
            {
              "name": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
            },
            {
              "name": "57779",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57779"
            },
            {
              "name": "MDVSA-2014:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
            },
            {
              "name": "57832",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57832"
            },
            {
              "name": "DSA-2899",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2899"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0159",
    "datePublished": "2014-04-14T15:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.993Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-17432
Vulnerability from cvelistv5
Published
2017-12-06 00:00
Modified
2024-08-05 20:51
Severity ?
Summary
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/883602"
          },
          {
            "name": "DSA-4067",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4067"
          },
          {
            "name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1213-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-02T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/883602"
        },
        {
          "name": "DSA-4067",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4067"
        },
        {
          "name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1213-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17432",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
            },
            {
              "name": "https://bugs.debian.org/883602",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/883602"
            },
            {
              "name": "DSA-4067",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4067"
            },
            {
              "name": "[debian-lts-announce] 20171220 [SECURITY] [DLA 1213-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17432",
    "datePublished": "2017-12-06T00:00:00",
    "dateReserved": "2017-12-05T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1250
Vulnerability from cvelistv5
Published
2009-04-09 00:00
Modified
2024-08-07 05:04
Severity ?
Summary
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
References
http://www.vupen.com/english/advisories/2011/0117 (vdb-entry, x_refsource_VUPEN)
http://www.openafs.org/security/openafs-sa-2009-002.patch (x_refsource_CONFIRM)
http://www.openafs.org/security/OPENAFS-SA-2009-002.txt (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2009/0984 (vdb-entry, x_refsource_VUPEN)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:099 (vendor-advisory, x_refsource_MANDRIVA)
http://www.securityfocus.com/bid/34404 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/36310 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/34655 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2009/dsa-1768 (vendor-advisory, x_refsource_DEBIAN)
http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123 (vendor-advisory, x_refsource_AIXAPAR)
http://www-01.ibm.com/support/docview.wss?uid=swg21396389 (x_refsource_CONFIRM)
http://security.gentoo.org/glsa/glsa-201101-05.xml (vendor-advisory, x_refsource_GENTOO)
http://secunia.com/advisories/34684 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/42896 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0117",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0117"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
          },
          {
            "name": "ADV-2009-0984",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0984"
          },
          {
            "name": "MDVSA-2009:099",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
          },
          {
            "name": "34404",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34404"
          },
          {
            "name": "36310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36310"
          },
          {
            "name": "34655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34655"
          },
          {
            "name": "DSA-1768",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1768"
          },
          {
            "name": "ID71123",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
          },
          {
            "name": "GLSA-201101-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
          },
          {
            "name": "34684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34684"
          },
          {
            "name": "42896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42896"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-16T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0117",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0117"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
        },
        {
          "name": "ADV-2009-0984",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0984"
        },
        {
          "name": "MDVSA-2009:099",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
        },
        {
          "name": "34404",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34404"
        },
        {
          "name": "36310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36310"
        },
        {
          "name": "34655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34655"
        },
        {
          "name": "DSA-1768",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1768"
        },
        {
          "name": "ID71123",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
        },
        {
          "name": "GLSA-201101-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
        },
        {
          "name": "34684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34684"
        },
        {
          "name": "42896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42896"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0117",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0117"
            },
            {
              "name": "http://www.openafs.org/security/openafs-sa-2009-002.patch",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
            },
            {
              "name": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
            },
            {
              "name": "ADV-2009-0984",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0984"
            },
            {
              "name": "MDVSA-2009:099",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
            },
            {
              "name": "34404",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34404"
            },
            {
              "name": "36310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36310"
            },
            {
              "name": "34655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34655"
            },
            {
              "name": "DSA-1768",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1768"
            },
            {
              "name": "ID71123",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
            },
            {
              "name": "GLSA-201101-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
            },
            {
              "name": "34684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34684"
            },
            {
              "name": "42896",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42896"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1250",
    "datePublished": "2009-04-09T00:00:00",
    "dateReserved": "2009-04-06T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9772
Vulnerability from cvelistv5
Published
2017-02-06 17:00
Modified
2024-08-06 02:59
Severity ?
Summary
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
          },
          {
            "name": "94651",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94651"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-06T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
        },
        {
          "name": "94651",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94651"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9772",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20161202 Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
            },
            {
              "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
            },
            {
              "name": "94651",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94651"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9772",
    "datePublished": "2017-02-06T17:00:00",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1251
Vulnerability from cvelistv5
Published
2009-04-09 00:00
Modified
2024-08-07 05:04
Severity ?
Summary
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
References
http://www.vupen.com/english/advisories/2011/0117 vdb-entry, x_refsource_VUPEN
http://www.openafs.org/security/OPENAFS-SA-2009-001.txt x_refsource_CONFIRM
http://www.openafs.org/security/openafs-sa-2009-001.patch x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/0984 vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:099 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/34407 vdb-entry, x_refsource_BID
http://secunia.com/advisories/34655 third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1768 vendor-advisory, x_refsource_DEBIAN
http://security.gentoo.org/glsa/glsa-201101-05.xml vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/34684 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42896 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0117",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0117"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
          },
          {
            "name": "ADV-2009-0984",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0984"
          },
          {
            "name": "MDVSA-2009:099",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
          },
          {
            "name": "34407",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34407"
          },
          {
            "name": "34655",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34655"
          },
          {
            "name": "DSA-1768",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1768"
          },
          {
            "name": "GLSA-201101-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
          },
          {
            "name": "34684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34684"
          },
          {
            "name": "42896",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42896"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-16T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0117",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0117"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
        },
        {
          "name": "ADV-2009-0984",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0984"
        },
        {
          "name": "MDVSA-2009:099",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
        },
        {
          "name": "34407",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34407"
        },
        {
          "name": "34655",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34655"
        },
        {
          "name": "DSA-1768",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1768"
        },
        {
          "name": "GLSA-201101-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
        },
        {
          "name": "34684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34684"
        },
        {
          "name": "42896",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42896"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1251",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0117",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0117"
            },
            {
              "name": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
            },
            {
              "name": "http://www.openafs.org/security/openafs-sa-2009-001.patch",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
            },
            {
              "name": "ADV-2009-0984",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0984"
            },
            {
              "name": "MDVSA-2009:099",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
            },
            {
              "name": "34407",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34407"
            },
            {
              "name": "34655",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34655"
            },
            {
              "name": "DSA-1768",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1768"
            },
            {
              "name": "GLSA-201101-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
            },
            {
              "name": "34684",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34684"
            },
            {
              "name": "42896",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42896"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1251",
    "datePublished": "2009-04-09T00:00:00",
    "dateReserved": "2009-04-06T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1794
Vulnerability from cvelistv5
Published
2013-03-12 16:00
Modified
2024-08-06 15:13
Severity ?
Summary
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.
References
http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt x_refsource_CONFIRM
http://secunia.com/advisories/52480 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/52342 third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2013/dsa-2638 vendor-advisory, x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 vendor-advisory, x_refsource_MANDRIVA
http://www.securityfocus.com/bid/58299 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/82582 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:33.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
          },
          {
            "name": "52480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52480"
          },
          {
            "name": "52342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52342"
          },
          {
            "name": "DSA-2638",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2638"
          },
          {
            "name": "MDVSA-2014:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
          },
          {
            "name": "58299",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58299"
          },
          {
            "name": "openafs-fileserver-bo(82582)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
        },
        {
          "name": "52480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52480"
        },
        {
          "name": "52342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52342"
        },
        {
          "name": "DSA-2638",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2638"
        },
        {
          "name": "MDVSA-2014:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
        },
        {
          "name": "58299",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58299"
        },
        {
          "name": "openafs-fileserver-bo(82582)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
            },
            {
              "name": "52480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52480"
            },
            {
              "name": "52342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52342"
            },
            {
              "name": "DSA-2638",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2638"
            },
            {
              "name": "MDVSA-2014:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
            },
            {
              "name": "58299",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/58299"
            },
            {
              "name": "openafs-fileserver-bo(82582)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1794",
    "datePublished": "2013-03-12T16:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:13:33.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3285
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
Summary
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
          },
          {
            "name": "1033262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
          },
          {
            "name": "DSA-3320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3320"
          },
          {
            "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
        },
        {
          "name": "1033262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
        },
        {
          "name": "DSA-3320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3320"
        },
        {
          "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
            },
            {
              "name": "1033262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033262"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
            },
            {
              "name": "DSA-3320",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3320"
            },
            {
              "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3285",
    "datePublished": "2015-08-12T14:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3282
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 05:39
Severity ?
Summary
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1033262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033262"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
          },
          {
            "name": "DSA-3320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3320"
          },
          {
            "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1033262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033262"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
        },
        {
          "name": "DSA-3320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3320"
        },
        {
          "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3282",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033262"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
            },
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
            },
            {
              "name": "DSA-3320",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3320"
            },
            {
              "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3282",
    "datePublished": "2015-08-12T14:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-10396
Vulnerability from cvelistv5
Published
2024-11-14 19:30
Modified
2024-11-21 16:10
Summary
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.
Impacted products
Vendor Product Version
OpenAFS OpenAFS Version: 1.0 through 1.6.24 (inclusive)
Version: 1.8.0 through 1.8.12.2 (inclusive)
Version: 1.9.0 through 1.9.1 (inclusive)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T15:58:56.619532Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:10:33.073Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenAFS",
          "vendor": "OpenAFS",
          "versions": [
            {
              "lessThanOrEqual": "1.6.24",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.8.12.2",
              "status": "affected",
              "version": "1.8.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.9.1",
              "status": "affected",
              "version": "1.9.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003eAn authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server.\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "An authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL\nRPC, causing the fileserver to crash, possibly expose uninitialized memory, and\npossibly store garbage data in the audit log.\nMalformed ACLs provided in responses to client FetchACL RPCs can cause client\nprocesses to crash and possibly expose uninitialized memory into other ACLs\nstored on the server."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T19:30:53.832Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "An authenticated user can provide a malformed ACL to the fileserver\u0027s StoreACL RPC, causing the fileserver to crash",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2024-10396",
    "datePublished": "2024-11-14T19:30:53.832Z",
    "dateReserved": "2024-10-25T19:25:45.524Z",
    "dateUpdated": "2024-11-21T16:10:33.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1795
Vulnerability from cvelistv5
Published
2013-03-12 16:00
Modified
2024-08-06 15:13
Severity ?
Summary
Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
References
http://secunia.com/advisories/52480 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82585 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/52342 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2013/dsa-2638 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/58300 (vdb-entry, x_refsource_BID)
http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt (x_refsource_CONFIRM)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 (vendor-advisory, x_refsource_MANDRIVA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:32.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "52480",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52480"
          },
          {
            "name": "openafs-ptserver-overflow(82585)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
          },
          {
            "name": "52342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52342"
          },
          {
            "name": "DSA-2638",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2638"
          },
          {
            "name": "58300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58300"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
          },
          {
            "name": "MDVSA-2014:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "52480",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52480"
        },
        {
          "name": "openafs-ptserver-overflow(82585)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
        },
        {
          "name": "52342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52342"
        },
        {
          "name": "DSA-2638",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2638"
        },
        {
          "name": "58300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58300"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
        },
        {
          "name": "MDVSA-2014:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-1795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "52480",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52480"
            },
            {
              "name": "openafs-ptserver-overflow(82585)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
            },
            {
              "name": "52342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52342"
            },
            {
              "name": "DSA-2638",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2638"
            },
            {
              "name": "58300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/58300"
            },
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
            },
            {
              "name": "MDVSA-2014:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-1795",
    "datePublished": "2013-03-12T16:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:13:32.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2860
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-05 23:40
Severity ?
Summary
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:13.749Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
          },
          {
            "name": "DSA-3569",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3569"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0"
          },
          {
            "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-05-13T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
        },
        {
          "name": "DSA-3569",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3569"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0"
        },
        {
          "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
            },
            {
              "name": "DSA-3569",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3569"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
            },
            {
              "name": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0",
              "refsource": "CONFIRM",
              "url": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0"
            },
            {
              "name": "[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2860",
    "datePublished": "2016-05-13T16:00:00",
    "dateReserved": "2016-03-09T00:00:00",
    "dateUpdated": "2024-08-05T23:40:13.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-8312
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-06 08:13
Severity ?
Summary
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:32.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3569",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3569"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-05-13T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3569",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3569"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8312",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3569",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3569"
            },
            {
              "name": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
            },
            {
              "name": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca",
              "refsource": "CONFIRM",
              "url": "http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8312",
    "datePublished": "2016-05-13T16:00:00",
    "dateReserved": "2015-11-21T00:00:00",
    "dateUpdated": "2024-08-06T08:13:32.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16948
Vulnerability from cvelistv5
Published
2018-09-12 01:00
Modified
2024-08-05 10:39
Severity ?
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:57.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
          },
          {
            "name": "DSA-4302",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4302"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-24T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
        },
        {
          "name": "DSA-4302",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4302"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16948",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
            },
            {
              "name": "DSA-4302",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4302"
            },
            {
              "name": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt",
              "refsource": "CONFIRM",
              "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16948",
    "datePublished": "2018-09-12T01:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:39:57.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4135
Vulnerability from cvelistv5
Published
2013-11-05 21:00
Modified
2024-08-06 16:30
Severity ?
Summary
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:49.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
          },
          {
            "name": "DSA-2729",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2729"
          },
          {
            "name": "MDVSA-2014:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-19T15:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
        },
        {
          "name": "DSA-2729",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2729"
        },
        {
          "name": "MDVSA-2014:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
            },
            {
              "name": "DSA-2729",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2729"
            },
            {
              "name": "MDVSA-2014:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4135",
    "datePublished": "2013-11-05T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:30:49.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6587
Vulnerability from cvelistv5
Published
2015-09-02 10:00
Modified
2024-08-06 07:22
Severity ?
Summary
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:22.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
          },
          {
            "name": "DSA-3320",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3320"
          },
          {
            "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-02T06:57:04",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
        },
        {
          "name": "DSA-3320",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3320"
        },
        {
          "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-6587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
            },
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
            },
            {
              "name": "DSA-3320",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3320"
            },
            {
              "name": "[OpenAFS-announce] 20150730 SECURITY RELEASE: 1.6.13 now available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-6587",
    "datePublished": "2015-09-02T10:00:00",
    "dateReserved": "2015-08-21T00:00:00",
    "dateUpdated": "2024-08-06T07:22:22.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18601
Vulnerability from cvelistv5
Published
2019-10-29 13:40
Modified
2024-08-05 01:54
Severity ?
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
          },
          {
            "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T01:06:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
        },
        {
          "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18601",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt",
              "refsource": "MISC",
              "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
            },
            {
              "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18601",
    "datePublished": "2019-10-29T13:40:31",
    "dateReserved": "2019-10-29T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.490Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0028
Vulnerability from cvelistv5
Published
2003-03-21 05:00
Modified
2024-08-08 01:36
Severity ?
Summary
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
References
http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html (vendor-advisory, x_refsource_ENGARDE)
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html (mailing-list, x_refsource_VULNWATCH)
http://www.mandriva.com/security/advisories?name=MDKSA-2003:037 (vendor-advisory, x_refsource_MANDRAKE)
http://www.redhat.com/support/errata/RHSA-2003-052.html (vendor-advisory, x_refsource_REDHAT)
http://www.cert.org/advisories/CA-2003-10.html (third-party-advisory, x_refsource_CERT)
https://security.netapp.com/advisory/ntap-20150122-0002/ (x_refsource_CONFIRM)
http://www.debian.org/security/2003/dsa-282 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/archive/1/316960/30/25250/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.novell.com/linux/security/advisories/2003_027_glibc.html (vendor-advisory, x_refsource_SUSE)
http://www.securityfocus.com/archive/1/315638/30/25430/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.redhat.com/support/errata/RHSA-2003-091.html (vendor-advisory, x_refsource_REDHAT)
http://www.eeye.com/html/Research/Advisories/AD20030318.html (third-party-advisory, x_refsource_EEYE)
http://www.kb.cert.org/vuls/id/516825 (third-party-advisory, x_refsource_CERT-VN)
http://marc.info/?l=bugtraq&m=104860855114117&w=2 (mailing-list, x_refsource_BUGTRAQ)
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc (vendor-advisory, x_refsource_NETBSD)
http://marc.info/?l=bugtraq&m=104878237121402&w=2 (vendor-advisory, x_refsource_TRUSTIX)
http://www.securityfocus.com/archive/1/316931/30/25250/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.redhat.com/support/errata/RHSA-2003-051.html (vendor-advisory, x_refsource_REDHAT)
http://marc.info/?l=bugtraq&m=104810574423662&w=2 (mailing-list, x_refsource_BUGTRAQ)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230 (vdb-entry, signature, x_refsource_OVAL)
http://www.debian.org/security/2003/dsa-266 (vendor-advisory, x_refsource_DEBIAN)
http://www.redhat.com/support/errata/RHSA-2003-089.html (vendor-advisory, x_refsource_REDHAT)
http://marc.info/?l=bugtraq&m=104811415301340&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://marc.info/?l=bugtraq&m=105362148313082&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.debian.org/security/2003/dsa-272 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ESA-20030321-010",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
          },
          {
            "name": "20030319 EEYE: XDR Integer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
          },
          {
            "name": "MDKSA-2003:037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
          },
          {
            "name": "RHSA-2003:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
          },
          {
            "name": "CA-2003-10",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2003-10.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
          },
          {
            "name": "DSA-282",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-282"
          },
          {
            "name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
          },
          {
            "name": "SuSE-SA:2003:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
          },
          {
            "name": "20030319 RE: EEYE: XDR Integer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
          },
          {
            "name": "RHSA-2003:091",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
          },
          {
            "name": "AD20030318",
            "tags": [
              "third-party-advisory",
              "x_refsource_EEYE",
              "x_transferred"
            ],
            "url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
          },
          {
            "name": "VU#516825",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/516825"
          },
          {
            "name": "20030325 GLSA:  glibc (200303-22)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
          },
          {
            "name": "NetBSD-SA2003-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
          },
          {
            "name": "2003-0014",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
          },
          {
            "name": "20030331 GLSA: dietlibc (200303-29)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
          },
          {
            "name": "RHSA-2003:051",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
          },
          {
            "name": "20030319 EEYE: XDR Integer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:230",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
          },
          {
            "name": "DSA-266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-266"
          },
          {
            "name": "RHSA-2003:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
          },
          {
            "name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
          },
          {
            "name": "20030522 [slackware-security]  glibc XDR overflow fix (SSA:2003-141-03)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
          },
          {
            "name": "DSA-272",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ESA-20030321-010",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
        },
        {
          "name": "20030319 EEYE: XDR Integer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
        },
        {
          "name": "MDKSA-2003:037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
        },
        {
          "name": "RHSA-2003:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
        },
        {
          "name": "CA-2003-10",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2003-10.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
        },
        {
          "name": "DSA-282",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-282"
        },
        {
          "name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
        },
        {
          "name": "SuSE-SA:2003:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
        },
        {
          "name": "20030319 RE: EEYE: XDR Integer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
        },
        {
          "name": "RHSA-2003:091",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
        },
        {
          "name": "AD20030318",
          "tags": [
            "third-party-advisory",
            "x_refsource_EEYE"
          ],
          "url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
        },
        {
          "name": "VU#516825",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/516825"
        },
        {
          "name": "20030325 GLSA:  glibc (200303-22)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
        },
        {
          "name": "NetBSD-SA2003-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
        },
        {
          "name": "2003-0014",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
        },
        {
          "name": "20030331 GLSA: dietlibc (200303-29)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
        },
        {
          "name": "RHSA-2003:051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
        },
        {
          "name": "20030319 EEYE: XDR Integer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:230",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
        },
        {
          "name": "DSA-266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-266"
        },
        {
          "name": "RHSA-2003:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
        },
        {
          "name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
        },
        {
          "name": "20030522 [slackware-security]  glibc XDR overflow fix (SSA:2003-141-03)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
        },
        {
          "name": "DSA-272",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0028",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ESA-20030321-010",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
            },
            {
              "name": "20030319 EEYE: XDR Integer Overflow",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
            },
            {
              "name": "MDKSA-2003:037",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
            },
            {
              "name": "RHSA-2003:052",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
            },
            {
              "name": "CA-2003-10",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2003-10.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20150122-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
            },
            {
              "name": "DSA-282",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-282"
            },
            {
              "name": "20030331 GLSA: krb5 \u0026 mit-krb5 (200303-28)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
            },
            {
              "name": "SuSE-SA:2003:027",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
            },
            {
              "name": "20030319 RE: EEYE: XDR Integer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
            },
            {
              "name": "RHSA-2003:091",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
            },
            {
              "name": "AD20030318",
              "refsource": "EEYE",
              "url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
            },
            {
              "name": "VU#516825",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/516825"
            },
            {
              "name": "20030325 GLSA:  glibc (200303-22)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
            },
            {
              "name": "NetBSD-SA2003-008",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
            },
            {
              "name": "2003-0014",
              "refsource": "TRUSTIX",
              "url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
            },
            {
              "name": "20030331 GLSA: dietlibc (200303-29)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
            },
            {
              "name": "RHSA-2003:051",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
            },
            {
              "name": "20030319 EEYE: XDR Integer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:230",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
            },
            {
              "name": "DSA-266",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-266"
            },
            {
              "name": "RHSA-2003:089",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
            },
            {
              "name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
            },
            {
              "name": "20030522 [slackware-security]  glibc XDR overflow fix (SSA:2003-141-03)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
            },
            {
              "name": "DSA-272",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0028",
    "datePublished": "2003-03-21T05:00:00",
    "dateReserved": "2003-01-10T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-16949
Vulnerability from cvelistv5
Published
2018-09-12 01:00
Modified
2024-08-05 10:39
Severity: not provided
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:39:58.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106375",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106375"
          },
          {
            "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
          },
          {
            "name": "DSA-4302",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4302"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-02T10:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "106375",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106375"
        },
        {
          "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
        },
        {
          "name": "DSA-4302",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4302"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106375",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106375"
            },
            {
              "name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1513-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
            },
            {
              "name": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt",
              "refsource": "CONFIRM",
              "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
            },
            {
              "name": "DSA-4302",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4302"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16949",
    "datePublished": "2018-09-12T01:00:00",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:39:58.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4134
Vulnerability from cvelistv5
Published
2013-11-05 21:00
Modified
2024-08-06 16:30
Severity: not provided
Summary
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:30:50.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2729",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2729"
          },
          {
            "name": "MDVSA-2014:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-19T15:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-2729",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2729"
        },
        {
          "name": "MDVSA-2014:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2729",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2729"
            },
            {
              "name": "MDVSA-2014:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
            },
            {
              "name": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4134",
    "datePublished": "2013-11-05T21:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:30:50.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-18603
Vulnerability from cvelistv5
Published
2019-10-29 13:41
Modified
2024-08-05 01:54
Severity: not provided
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
          },
          {
            "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T01:06:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
        },
        {
          "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt",
              "refsource": "MISC",
              "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
            },
            {
              "name": "[debian-lts-announce] 20191106 [SECURITY] [DLA 1982-1] openafs security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18603",
    "datePublished": "2019-10-29T13:41:35",
    "dateReserved": "2019-10-29T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7762
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 07:58
Severity ?
Summary
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:58:59.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
          },
          {
            "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
          },
          {
            "name": "1034039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034039"
          },
          {
            "name": "DSA-3387",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3387"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
        },
        {
          "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
        },
        {
          "name": "1034039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034039"
        },
        {
          "name": "DSA-3387",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3387"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
            },
            {
              "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
            },
            {
              "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
            },
            {
              "name": "1034039",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034039"
            },
            {
              "name": "DSA-3387",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3387"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7762",
    "datePublished": "2015-11-06T21:00:00",
    "dateReserved": "2015-10-08T00:00:00",
    "dateUpdated": "2024-08-06T07:58:59.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7763
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 07:59
Severity ?
Summary
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:59:00.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
          },
          {
            "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
          },
          {
            "name": "1034039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034039"
          },
          {
            "name": "DSA-3387",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3387"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
        },
        {
          "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
        },
        {
          "name": "1034039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034039"
        },
        {
          "name": "DSA-3387",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3387"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
            },
            {
              "name": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
            },
            {
              "name": "[OpenAFS-announce] 20151028 OpenAFS security release 1.6.15 available",
              "refsource": "MLIST",
              "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
            },
            {
              "name": "1034039",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034039"
            },
            {
              "name": "DSA-3387",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3387"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7763",
    "datePublished": "2015-11-06T21:00:00",
    "dateReserved": "2015-10-08T00:00:00",
    "dateUpdated": "2024-08-06T07:59:00.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-0430
Vulnerability from cvelistv5
Published
2011-02-18 23:00
Modified
2024-08-06 21:51
Severity ?
Summary
Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.
References
http://www.securityfocus.com/bid/46428 (vdb-entry, x_refsource_BID)
http://www.debian.org/security/2011/dsa-2168 (vendor-advisory, x_refsource_DEBIAN)
http://www.vupen.com/english/advisories/2011/0410 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/43371 (third-party-advisory, x_refsource_SECUNIA)
http://www.securitytracker.com/id?1025095 (vdb-entry, x_refsource_SECTRACK)
http://www.vupen.com/english/advisories/2011/0411 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/43407 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:09.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46428",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46428"
          },
          {
            "name": "DSA-2168",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2168"
          },
          {
            "name": "ADV-2011-0410",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0410"
          },
          {
            "name": "43371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43371"
          },
          {
            "name": "1025095",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025095"
          },
          {
            "name": "ADV-2011-0411",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0411"
          },
          {
            "name": "43407",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-03-11T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "46428",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46428"
        },
        {
          "name": "DSA-2168",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2168"
        },
        {
          "name": "ADV-2011-0410",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0410"
        },
        {
          "name": "43371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43371"
        },
        {
          "name": "1025095",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025095"
        },
        {
          "name": "ADV-2011-0411",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0411"
        },
        {
          "name": "43407",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0430",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46428",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46428"
            },
            {
              "name": "DSA-2168",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2168"
            },
            {
              "name": "ADV-2011-0410",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0410"
            },
            {
              "name": "43371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43371"
            },
            {
              "name": "1025095",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025095"
            },
            {
              "name": "ADV-2011-0411",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0411"
            },
            {
              "name": "43407",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0430",
    "datePublished": "2011-02-18T23:00:00",
    "dateReserved": "2011-01-12T00:00:00",
    "dateUpdated": "2024-08-06T21:51:09.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-03-14 03:13
Modified
2024-11-21 01:50
Severity ?
Summary
Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1497402-9268-4A55-B7F3-58247345BD61",
              "versionEndIncluding": "1.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "25AA0ACE-A8C6-4234-8EE2-F52438B6F472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E141BE-9ECF-4275-BFBD-E3DBF7D86A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C85F39C-C8D3-4493-8432-5EE3FB231BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C158198E-8D22-41A8-8C24-8ABBE3354F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F377FB25-17B5-48A8-BC3C-3E99649C429E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4033D1-2374-429D-8927-F51EDC24E96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "39308049-0C20-4845-9803-529A85CB9682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAC63C9E-169F-40B5-A011-2A77B675875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CC270B-4822-43DB-BD28-50B497EA196A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FAC3B7-9F61-448A-B0F0-D581DCDAC87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "851DD68F-4272-4A86-A421-8D41FA63FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6CEAEF2-855A-4663-B0FE-71EF470FB227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7986966F-8A0F-4B5F-9C27-39F818782EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABF69BA-857A-45A0-89DD-02476E93390C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E099A9-B50E-4DE6-BB38-982967B3700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA60762-5259-45C8-98D4-7C4E844FD231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "378F38A7-422C-4603-8120-42DB91C8B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "69AC18EA-7DB6-4F68-95DD-637D557DDF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "2041735A-BFB0-4875-937A-B530D2E687B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C7293A-0430-478E-B567-9C8505288F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8DE00-622E-42DC-B1C7-8B9C1300DEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FCFBC7-CDEF-402D-8C11-DD3D112B76CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "22ABC36E-79A7-41A6-8A80-CF3563EE640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E121D95-158B-446D-BECD-D90D348A8CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2993321-45A6-496F-ADC3-B83E52B90ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA6732C-6108-40B1-B9D3-D11D9C18B225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93DE322-6843-4C9C-82F2-2E55FC5231DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "79EE6FA8-2127-4011-8C26-6B7A073F863C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D0C9D5-009C-4153-AB84-1DC3191CAC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AAA5FE-D9FE-40A8-804B-C86C2D865958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCB63E5-D32E-41E3-958D-F1991318CFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CF75979-BDA7-46DA-987B-A1D59F95B0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDE6F07-DD16-4075-B7C4-4C3B9A194C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8EC69-A4CD-42F8-AD25-ACE8DDAE7F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3B0624-435B-4A06-BC13-5B47C34E11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F90E76-4EF0-4E12-96F9-1007DF457277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3944EFB-9C8C-451E-A339-603FC617A352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B400BB8-53F2-4BC3-842B-42480B52D156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A1C5AD7-141A-4932-9A05-994B6CC69AC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD49634F-5DA6-4FBA-97EE-936DE63E75C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC06AB2-1D82-4A0B-9449-F4C72CF5A0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5486E2-B36D-471D-B356-30BA5D8F3AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A386DC5A-0333-4104-8392-014D8BBFF47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A7E126-F38C-4530-AED8-51FA33C81F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED74E6B6-BAFE-4B98-8DC3-C75C321272C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F5F17B3-CF38-4316-A15C-C2EE362881A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB2BE97-CE66-4779-B39C-47314BD2F1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A6D399-7EB8-40B4-9466-B38CE1887AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C112D17-EF66-4C69-BD90-BFB6E15825E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF96C2F-2F22-4496-9B9D-240D1CEAF07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C75A947-02E6-4DC0-94CA-06C67A2AB0F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0454D60A-8816-4D39-B57F-04F9555200C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1B6477-930B-4556-B4F4-FECAC862B87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D3DE7BE-0BF9-46B7-9BA6-FB5157CCD184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A15EA7B-CCDB-496C-BF9E-5D1B072F6ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05354C2-8BA9-4FA7-A2C1-D8DC1965D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "3057D5C8-AA27-4C1D-AD5A-66DE010A943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "001C25DE-7B10-4E60-9C8A-3F87A8FDA169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EEEF95-F888-4F18-9A66-801CDF190DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en ptserver en OpenAFS anterior a v1.6.2 que permite a atacantes remotos causar una denegaci\u00f3n del servicio (ca\u00edda) a trav\u00e9s de una lista larga desde el RPC IdToName, que dispara un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
    }
  ],
  "id": "CVE-2013-1795",
  "lastModified": "2024-11-21T01:50:24.237",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-14T03:13:40.593",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52342"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52480"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2638"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/58300"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/52480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/58300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82585"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-12 01:29
Modified
2024-11-21 03:53
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.
Impacted products
Vendor Product Version
openafs openafs *
openafs openafs *
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA89B3F9-E528-4454-AC07-C4CC229CE95C",
              "versionEndExcluding": "1.6.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83EF0AF-3D2F-46F7-BB02-E3B3841A1487",
              "versionEndExcluding": "1.8.2",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en OpenAFS, en versiones anteriores a la 1.6.23 y versiones 1.8.x anteriores a la 1.8.2. Varias rutinas del servidor RPC no inicializaron completamente sus variables de salida antes de volver, filtrando el contenido de la memoria tanto de la pila como la memoria din\u00e1mica (heap). Debido a que el gestor de cach\u00e9 de OpenAFS funciona como servidor Rx para el servicio AFSCB, los clientes tambi\u00e9n son susceptibles de sufrir una fuga de informaci\u00f3n. Por ejemplo, RXAFSCB_TellMeAboutYourself filtra memoria del kernel y KAM_ListEntry filtra memoria de kaserver."
    }
  ],
  "id": "CVE-2018-16948",
  "lastModified": "2024-11-21T03:53:34.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-12T01:29:00.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4302"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-14 15:09
Modified
2024-11-21 02:01
Severity ?
Summary
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
Impacted products
Vendor Product Version
openafs openafs 1.4.8
openafs openafs 1.4.9
openafs openafs 1.4.10
openafs openafs 1.4.11
openafs openafs 1.4.12
openafs openafs 1.4.14
openafs openafs 1.4.14.1
openafs openafs 1.4.15
openafs openafs 1.6.0
openafs openafs 1.6.1
openafs openafs 1.6.2
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.6.4
openafs openafs 1.6.5
openafs openafs 1.6.5.1
openafs openafs 1.6.5.2
openafs openafs 1.6.6
debian debian_linux 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D14A4C-D467-431A-A223-9383FD94EB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E01F11-9AAD-45BA-87A0-F718933CBF98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2A139B-2C74-420C-8730-0832D5536A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB522B81-9FD9-4A1F-A04D-FB319A0252ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "77998ED3-15AE-4547-AAF3-596F4DC7C399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "722F4AB9-D515-4616-996E-37C2A6007AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0798F6F7-6717-4BE1-9AF6-B15FB2A4D888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "997D6E5C-933D-4747-BD62-C66BC4E2B3E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7150CE0E-A1EC-41EB-AD71-5B6C87289EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEFFEE0-C867-40F1-93F4-239EF1C6E2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD16CAA-1DF0-4BFC-AB76-AD06329080D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC2FFCF-BC84-43FF-8162-C796D3E43317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FED822-5D5F-4299-9E17-865F9ADDCB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED301E1-B19C-49D7-AF5D-20301BA53E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA403EE6-31FB-47A3-BDBE-72A4277A4EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58385FBA-632C-49B4-8AD0-9B3585845955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7D0515-EC70-4B4C-97BE-CA114CA34B2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la llamada de procedimientos remotos (RPC) GetStatistics64 en OpenAFS 1.4.8 anterior a 1.6.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un argumento statsVersion manipulado."
    }
  ],
  "id": "CVE-2014-0159",
  "lastModified": "2024-11-21T02:01:30.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-14T15:09:05.990",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57779"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57832"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2899"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Release Notes"
      ],
      "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Release Notes"
      ],
      "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-12 01:29
Modified
2024-11-21 03:53
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.
Impacted products
Vendor Product Version
openafs openafs *
openafs openafs *
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA89B3F9-E528-4454-AC07-C4CC229CE95C",
              "versionEndExcluding": "1.6.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83EF0AF-3D2F-46F7-BB02-E3B3841A1487",
              "versionEndExcluding": "1.8.2",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en OpenAFS, en versiones anteriores a la 1.6.23 y versiones 1.8.x anteriores a la 1.8.2. Se implementaron varios tipos de datos empleados como variables de entrada RPC como tipos de array sin limitar, limitados solo por el campo length de 32 bits a 4 GB. Un atacante no autenticado podr\u00eda enviar o decir que env\u00eda valores de entrada grandes y consumir recursos del servidor mientras esperan por esas entradas, denegando el servicio a otras conexiones v\u00e1lidas."
    }
  ],
  "id": "CVE-2018-16949",
  "lastModified": "2024-11-21T03:53:34.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-12T01:29:00.623",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106375"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4302"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-09 00:30
Modified
2024-11-21 01:02
Severity
HIGH (CVSS v2 base score 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C; taken from the NVD metrics in this record)
Summary
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
References
cve@mitre.org http://secunia.com/advisories/34655
cve@mitre.org http://secunia.com/advisories/34684
cve@mitre.org http://secunia.com/advisories/36310
cve@mitre.org http://secunia.com/advisories/42896
cve@mitre.org http://security.gentoo.org/glsa/glsa-201101-05.xml
cve@mitre.org http://www-01.ibm.com/support/docview.wss?uid=swg21396389
cve@mitre.org http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123
cve@mitre.org http://www.debian.org/security/2009/dsa-1768
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
cve@mitre.org http://www.openafs.org/security/OPENAFS-SA-2009-002.txt
cve@mitre.org http://www.openafs.org/security/openafs-sa-2009-002.patch Exploit
cve@mitre.org http://www.securityfocus.com/bid/34404
cve@mitre.org http://www.vupen.com/english/advisories/2009/0984
cve@mitre.org http://www.vupen.com/english/advisories/2011/0117
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34655
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34684
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36310
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/42896
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201101-05.xml
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg21396389
af854a3a-2127-422b-91ae-364da2661108 http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1768
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/security/OPENAFS-SA-2009-002.txt
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/security/openafs-sa-2009-002.patch Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/34404
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/0984
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0117
Impacted products
Vendor Product Version
ibm afs * (update patch18; versions up to and including 3.6)
ibm afs 3.6
ibm afs 3.6 patch12
ibm afs 3.6 patch13
ibm afs 3.6 patch14
ibm afs 3.6 patch15
ibm afs 3.6 patch16
openafs openafs 1.0
openafs openafs 1.0.1
openafs openafs 1.0.2
openafs openafs 1.0.3
openafs openafs 1.0.4
openafs openafs 1.0.4a
openafs openafs 1.1
openafs openafs 1.1.0
openafs openafs 1.1.1
openafs openafs 1.1.1a
openafs openafs 1.2
openafs openafs 1.2.1
openafs openafs 1.2.2
openafs openafs 1.2.2a
openafs openafs 1.2.2b
openafs openafs 1.2.3
openafs openafs 1.2.4
openafs openafs 1.2.5
openafs openafs 1.2.6
openafs openafs 1.2.7
openafs openafs 1.2.8
openafs openafs 1.2.9
openafs openafs 1.2.10
openafs openafs 1.2.11
openafs openafs 1.2.13
openafs openafs 1.3
openafs openafs 1.3.1
openafs openafs 1.3.2
openafs openafs 1.3.5
openafs openafs 1.3.70
openafs openafs 1.3.74
openafs openafs 1.3.77
openafs openafs 1.3.81
openafs openafs 1.4
openafs openafs 1.4.0
openafs openafs 1.4.3
openafs openafs 1.4.4
openafs openafs 1.4.5
openafs openafs 1.4.6
openafs openafs 1.4.7
openafs openafs 1.4.7_pre1
openafs openafs 1.4.7_pre2
openafs openafs 1.4.7_pre3
openafs openafs 1.4.7_pre4
openafs openafs 1.4.7_pre5
openafs openafs 1.4.8
openafs openafs 1.4.8_pre1
openafs openafs 1.4.8_pre2
openafs openafs 1.4.8_pre3
openafs openafs 1.5
openafs openafs 1.5.16
openafs openafs 1.5.17
openafs openafs 1.5.26
openafs openafs 1.5.27
openafs openafs 1.5.30
openafs openafs 1.5.31
openafs openafs 1.5.32
openafs openafs 1.5.33
openafs openafs 1.5.34
openafs openafs 1.5.35
openafs openafs 1.5.36
openafs openafs 1.5.38
openafs openafs 1.5.39
openafs openafs 1.5.50
openafs openafs 1.5.52
openafs openafs 1.5.53
openafs openafs 1.5.54
openafs openafs 1.5.55
openafs openafs 1.5.56
openafs openafs 1.5.57
openafs openafs 1.5.58
linux linux_kernel * (platform condition combined with AND in the configuration; not itself marked vulnerable)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:afs:*:patch18:*:*:*:*:*:*",
              "matchCriteriaId": "4201D241-5784-46AC-AACD-5612EB4F08AB",
              "versionEndIncluding": "3.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:afs:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30616D7B-7047-4DB0-A259-1859619AC78B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:afs:3.6:patch12:*:*:*:*:*:*",
              "matchCriteriaId": "278D5804-4178-4946-AA4A-987540E82602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:afs:3.6:patch13:*:*:*:*:*:*",
              "matchCriteriaId": "E41CEBB0-3A49-4652-AE91-D41A40DF92A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:afs:3.6:patch14:*:*:*:*:*:*",
              "matchCriteriaId": "8E86AF64-34DB-4C1F-AAC7-BA44D5DDBF20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:afs:3.6:patch15:*:*:*:*:*:*",
              "matchCriteriaId": "441D8AD1-5E83-4A48-9C5E-50E508C60B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:afs:3.6:patch16:*:*:*:*:*:*",
              "matchCriteriaId": "8B0EB239-580C-433D-8FAB-6BF0437D0755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC8B64A-B5A9-4F66-86AD-0288F8E3D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE08E0AC-71F8-456B-9E88-43E94A6A2F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CFD4A8-71AE-4F85-B86D-001461ECC2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD3D4A8-934B-420A-AF4A-36DD16E2F851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AD53C-917A-41CC-83CD-6DF825E2640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F84C9B-8073-4EBE-AA75-A373772A42EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E921700-C76F-41EA-AA61-6F939ED329CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9A5221-2DBC-487A-9C6D-84EB9C95EB05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDBD251-3E96-4068-AD24-E5B1802769E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A07568-7B15-49F1-9163-40A0BFF38309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8A18760-0921-475E-9104-4DF480697E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD01B5F6-7E91-4FE8-B345-42D58C786FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34002792-689C-45B5-9B5A-94B5342AC20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3331166E-ABBA-4326-8EF4-88872B9824A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "302A9220-4C73-4D69-8B62-B64A7E280B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FC287-D6D8-44BA-9125-3E64624ECDFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C09E5-23C3-4F9E-80FC-B0C4EC34C846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0295B94D-BE71-4DA2-81C5-E5BBCF0E17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBADEB7-0073-42EB-B53D-ADA227898493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0951C53-C62A-4607-B6DB-E6B38DF3A5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0813CDDB-FF48-4154-81F3-20873A6C6C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AAAE0E9-BB79-455F-A08E-AC83370DBD0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B65ACE-3BA2-4B42-AEE8-8F647A6399F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E298D9-63FB-4818-A2F1-EDFC287625F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F2EED9-29E6-41E9-A911-D6ED9A08643C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "299D4344-A1DB-4EC3-B1A2-5E07FB2B585F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BE26C0-4A71-43AE-B134-3CE6DE839349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE590EA3-85F6-462A-BCC1-0550192F8F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DB0E2F-782F-4BA1-A81A-5DDDA8CF0A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1399FC-A356-4624-BBA6-059B797B4C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D767864-04D5-4571-8B13-CD347ADB3ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47CECE6-1BD8-4CC3-B1F8-A4A069004C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "846D8776-DCDF-4BD0-A391-5546BD4B20C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C9013E-A08B-441E-AE3F-C688793366FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F37635-C186-4D06-A79C-2A7AB0CFBAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1364B7-D564-4385-B7D7-67184E474712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3D7891-0B48-4C5D-B74B-6810FB4696F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C3BF7B2-72FF-4756-A1CC-982A1CD0747C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "832A44D5-3851-4DC5-A37A-B3C356764B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F42FFC-9EA1-471C-8E5F-F8860BB2EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91E0060C-4C43-4B4C-88CE-01F5055A9193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1A3516-7785-406E-83B2-96A0FF8461A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F020E77C-8445-4BE8-A36E-A436102FE83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F16D28-5011-4CE3-A656-9F9908E760AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1E040E-020D-4567-BF57-9A2DA7294CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D14A4C-D467-431A-A223-9383FD94EB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED10F836-88BE-4832-BE5A-83AE0C798368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA22C60E-64A4-4340-A780-0C85BDACBB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F407281C-A813-4190-BBF1-FB93779681DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6BEEDA-C1FE-49BA-A829-BA3BBBED1AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "39308049-0C20-4845-9803-529A85CB9682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAC63C9E-169F-40B5-A011-2A77B675875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "378F38A7-422C-4603-8120-42DB91C8B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "69AC18EA-7DB6-4F68-95DD-637D557DDF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8DE00-622E-42DC-B1C7-8B9C1300DEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FCFBC7-CDEF-402D-8C11-DD3D112B76CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "22ABC36E-79A7-41A6-8A80-CF3563EE640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E121D95-158B-446D-BECD-D90D348A8CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2993321-45A6-496F-ADC3-B83E52B90ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA6732C-6108-40B1-B9D3-D11D9C18B225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93DE322-6843-4C9C-82F2-2E55FC5231DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D0C9D5-009C-4153-AB84-1DC3191CAC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AAA5FE-D9FE-40A8-804B-C86C2D865958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCB63E5-D32E-41E3-958D-F1991318CFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDE6F07-DD16-4075-B7C4-4C3B9A194C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8EC69-A4CD-42F8-AD25-ACE8DDAE7F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3B0624-435B-4A06-BC13-5B47C34E11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F90E76-4EF0-4E12-96F9-1007DF457277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3944EFB-9C8C-451E-A339-603FC617A352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B400BB8-53F2-4BC3-842B-42480B52D156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A1C5AD7-141A-4932-9A05-994B6CC69AC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro."
    },
    {
      "lang": "es",
      "value": "El gestor de cach\u00e9 en el cliente OpenAFS v1.0 hasta v1.4.8 y v1.5.0 hasta v1.5.58 en Linux, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de una respuesta RX con un valor de c\u00f3digo de error muy grande, que es interpretado como un puntero y desreferenciado, relativo al uso de la macro ERR_PTR."
    }
  ],
  "id": "CVE-2009-1250",
  "lastModified": "2024-11-21T01:02:00.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-09T00:30:00.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34684"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36310"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1768"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34404"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0984"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1ID71123"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openafs.org/security/OPENAFS-SA-2009-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openafs.org/security/openafs-sa-2009-002.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0117"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-13 16:59
Modified
2024-11-21 02:52
Summary
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
Impacted products
Vendor Product Version
openafs openafs * (versions up to and including 1.6.16)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F1B642-7864-4117-B88C-70331F00BD16",
              "versionEndIncluding": "1.6.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic."
    },
    {
      "lang": "es",
      "value": "El cliente en OpenAFS en versiones anteriores a 1.6.17 no inicializa adecuadamente las estructuras (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes y (4) ListAddrByAttributes, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n de memoria sensible aprovechando el acceso al tr\u00e1fico de llamadas RPC."
    }
  ],
  "id": "CVE-2016-4536",
  "lastModified": "2024-11-21T02:52:25.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-13T16:59:11.920",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-04 02:46
Modified
2024-11-21 00:40
Severity ?
Summary
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
References
cve@mitre.org http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html Vendor Advisory
cve@mitre.org http://secunia.com/advisories/28327 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/28401 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/28433 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/28636 Third Party Advisory
cve@mitre.org http://security.gentoo.org/glsa/glsa-200801-04.xml Third Party Advisory
cve@mitre.org http://www.debian.org/security/2008/dsa-1458 Third Party Advisory
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2008:207 Third Party Advisory
cve@mitre.org http://www.novell.com/linux/security/advisories/suse_security_summary_report.html Third Party Advisory
cve@mitre.org http://www.openafs.org/security/OPENAFS-SA-2007-003.txt Vendor Advisory
cve@mitre.org http://www.securityfocus.com/bid/27132 Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2008/0046 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28327 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28401 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28433 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/28636 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200801-04.xml Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2008/dsa-1458 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2008:207 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/security/OPENAFS-SA-2007-003.txt Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/27132 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2008/0046 Third Party Advisory
Impacted products
Vendor Product Version
openafs openafs * (1.3.50 through 1.4.5)
openafs openafs * (1.5.0 through 1.5.27)
debian debian_linux 3.1
debian debian_linux 4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3D1161-AA0C-434B-9748-C49CF593B5A0",
              "versionEndIncluding": "1.4.5",
              "versionStartIncluding": "1.3.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D280E1D2-765F-4367-A109-6656572D9A33",
              "versionEndIncluding": "1.5.27",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el servidor de ficheros de OpenAFS 1.3.50 hasta 1.4.5 y 1.5.0 hasta 1.5.27 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) al adquirir simult\u00e1neamente y devolver llamadas a ficheros, lo cual provoca que el gestor de GiveUpAllCallBacks RPC realice operaciones de listas enlazadas sin el bloqueo host_glock."
    }
  ],
  "id": "CVE-2007-6599",
  "lastModified": "2024-11-21T00:40:32.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-04T02:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28327"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28433"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28636"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1458"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27132"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200801-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/security/OPENAFS-SA-2007-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0046"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-13 16:59
Modified
2024-11-21 02:38
Summary
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
Impacted products
Vendor Product Version
openafs openafs * (through 1.6.15)
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74A84C8-4873-411F-A740-E320159B106C",
              "versionEndIncluding": "1.6.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes."
    },
    {
      "lang": "es",
      "value": "Error por un paso en afs_pioctl.c en OpenAFS en versiones anteriores a 1.6.16 podr\u00eda permitir a usuarios locales provocar una denegaci\u00f3n de servicio (sobrescritura de memoria y ca\u00edda de sistema) a trav\u00e9s de un pioctl con un tama\u00f1o de buffer de entrada de 4096 bytes."
    }
  ],
  "id": "CVE-2015-8312",
  "lastModified": "2024-11-21T02:38:16.373",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-13T16:59:06.890",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3569"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-13 16:59
Modified
2024-11-21 02:48
Summary
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
Impacted products
Vendor Product Version
openafs openafs * (through 1.6.16)
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F1B642-7864-4117-B88C-70331F00BD16",
              "versionEndIncluding": "1.6.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n newEntry en ptserver/ptprocs.c en OpenAFS en versiones anteriores a 1.6.17 permite a usuarios remotos autenticados de dominios Kerberos ajenos eludir las restricciones destinadas al acceso y crear grupos arbitrarios como administradores aprovechando que no maneja correctamente el ID creator."
    }
  ],
  "id": "CVE-2016-2860",
  "lastModified": "2024-11-21T02:48:57.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-13T16:59:08.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2016/dsa-3569"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-09-02 10:59
Modified
2024-11-21 02:35
Severity ?
Summary
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
Impacted products
Vendor Product Version
openafs openafs * (through 1.6.12)
debian debian_linux 7.0
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489B76AE-EA9E-4DB8-BAAE-F589A72E146B",
              "versionEndIncluding": "1.6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en OpenAFS en versiones anteriores a 1.6.13, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda) a trav\u00e9s de una expresi\u00f3n regular manipulada en una RPC VL_ListAttributesN2."
    }
  ],
  "id": "CVE-2015-6587",
  "lastModified": "2024-11-21T02:35:15.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-02T10:59:00.250",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:33
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
Impacted products
Vendor Product Version
openafs openafs * (before 1.6.24)
openafs openafs * (1.8.0 up to, but not including, 1.8.5)
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C6488BA-94B0-4DB7-B8E1-5FA4D9A0C4AF",
              "versionEndExcluding": "1.6.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8B3526-0EE1-42A8-940C-B8FE3768FECA",
              "versionEndExcluding": "1.8.5",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer."
    },
    {
      "lang": "es",
      "value": "OpenAFS versiones anteriores a la versi\u00f3n  1.6.24 y versiones 1.8.x anteriores a la versi\u00f3n 1.8.5, es propenso al filtrado de informaci\u00f3n en determinadas condiciones de error porque las variables de salida RPC no inicializadas son enviadas a trav\u00e9s de la red a un peer."
    }
  ],
  "id": "CVE-2019-18603",
  "lastModified": "2024-11-21T04:33:21.017",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:19.640",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-001.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-25 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
References
cve@mitre.org ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
cve@mitre.org http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
cve@mitre.org http://marc.info/?l=bugtraq&m=104810574423662&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=104811415301340&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=104860855114117&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=104878237121402&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=105362148313082&w=2
cve@mitre.org http://www.cert.org/advisories/CA-2003-10.html — Patch, Third Party Advisory, US Government Resource
cve@mitre.org http://www.debian.org/security/2003/dsa-266
cve@mitre.org http://www.debian.org/security/2003/dsa-272
cve@mitre.org http://www.debian.org/security/2003/dsa-282
cve@mitre.org http://www.eeye.com/html/Research/Advisories/AD20030318.html — Exploit, Vendor Advisory
cve@mitre.org http://www.kb.cert.org/vuls/id/516825 — US Government Resource
cve@mitre.org http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
cve@mitre.org http://www.novell.com/linux/security/advisories/2003_027_glibc.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2003-051.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2003-052.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2003-089.html
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2003-091.html
cve@mitre.org http://www.securityfocus.com/archive/1/315638/30/25430/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/316931/30/25250/threaded
cve@mitre.org http://www.securityfocus.com/archive/1/316960/30/25250/threaded
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
cve@mitre.org https://security.netapp.com/advisory/ntap-20150122-0002/
af854a3a-2127-422b-91ae-364da2661108 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104810574423662&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104811415301340&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104860855114117&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=104878237121402&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=105362148313082&w=2
af854a3a-2127-422b-91ae-364da2661108 http://www.cert.org/advisories/CA-2003-10.html — Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2003/dsa-266
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2003/dsa-272
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2003/dsa-282
af854a3a-2127-422b-91ae-364da2661108 http://www.eeye.com/html/Research/Advisories/AD20030318.html — Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/516825 — US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2003:037
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2003_027_glibc.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2003-051.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2003-052.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2003-089.html
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2003-091.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/315638/30/25430/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/316931/30/25250/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/316960/30/25250/threaded
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20150122-0002/
Impacted products
Vendor Product Version
gnu glibc 2.1
gnu glibc 2.1.1
gnu glibc 2.1.2
gnu glibc 2.1.3
gnu glibc 2.2
gnu glibc 2.2.1
gnu glibc 2.2.2
gnu glibc 2.2.3
gnu glibc 2.2.4
gnu glibc 2.2.5
gnu glibc 2.3
gnu glibc 2.3.1
gnu glibc 2.3.2
mit kerberos_5 1.2
mit kerberos_5 1.2.1
mit kerberos_5 1.2.2
mit kerberos_5 1.2.3
mit kerberos_5 1.2.4
mit kerberos_5 1.2.5
mit kerberos_5 1.2.6
mit kerberos_5 1.2.7
openafs openafs 1.0
openafs openafs 1.0.1
openafs openafs 1.0.2
openafs openafs 1.0.3
openafs openafs 1.0.4
openafs openafs 1.0.4a
openafs openafs 1.1
openafs openafs 1.1.1
openafs openafs 1.1.1a
openafs openafs 1.2
openafs openafs 1.2.1
openafs openafs 1.2.2
openafs openafs 1.2.2a
openafs openafs 1.2.2b
openafs openafs 1.2.3
openafs openafs 1.2.4
openafs openafs 1.2.5
openafs openafs 1.2.6
openafs openafs 1.3
openafs openafs 1.3.1
openafs openafs 1.3.2
sgi irix 6.5
sgi irix 6.5.1
sgi irix 6.5.2
sgi irix 6.5.2f
sgi irix 6.5.2m
sgi irix 6.5.3
sgi irix 6.5.3f
sgi irix 6.5.3m
sgi irix 6.5.4
sgi irix 6.5.4f
sgi irix 6.5.4m
sgi irix 6.5.5
sgi irix 6.5.5f
sgi irix 6.5.5m
sgi irix 6.5.6
sgi irix 6.5.6f
sgi irix 6.5.6m
sgi irix 6.5.7
sgi irix 6.5.7f
sgi irix 6.5.7m
sgi irix 6.5.8
sgi irix 6.5.8f
sgi irix 6.5.8m
sgi irix 6.5.9
sgi irix 6.5.9f
sgi irix 6.5.9m
sgi irix 6.5.10
sgi irix 6.5.10f
sgi irix 6.5.10m
sgi irix 6.5.11
sgi irix 6.5.11f
sgi irix 6.5.11m
sgi irix 6.5.12
sgi irix 6.5.12f
sgi irix 6.5.12m
sgi irix 6.5.13
sgi irix 6.5.13f
sgi irix 6.5.13m
sgi irix 6.5.14
sgi irix 6.5.14f
sgi irix 6.5.14m
sgi irix 6.5.15
sgi irix 6.5.15f
sgi irix 6.5.15m
sgi irix 6.5.16
sgi irix 6.5.16f
sgi irix 6.5.16m
sgi irix 6.5.17
sgi irix 6.5.17f
sgi irix 6.5.17m
sgi irix 6.5.18
sgi irix 6.5.18f
sgi irix 6.5.18m
sgi irix 6.5.19
sgi irix 6.5.20
cray unicos 6.0
cray unicos 6.0e
cray unicos 6.1
cray unicos 7.0
cray unicos 8.0
cray unicos 8.3
cray unicos 9.0
cray unicos 9.0.2.5
cray unicos 9.2
cray unicos 9.2.4
freebsd freebsd 4.0
freebsd freebsd 4.1
freebsd freebsd 4.1.1
freebsd freebsd 4.1.1 (release)
freebsd freebsd 4.1.1 (stable)
freebsd freebsd 4.2
freebsd freebsd 4.2 (stable)
freebsd freebsd 4.3
freebsd freebsd 4.3 (release)
freebsd freebsd 4.3 (stable)
freebsd freebsd 4.4
freebsd freebsd 4.4 (stable)
freebsd freebsd 4.5
freebsd freebsd 4.5 (release)
freebsd freebsd 4.5 (stable)
freebsd freebsd 4.6
freebsd freebsd 4.6 (release)
freebsd freebsd 4.6 (stable)
freebsd freebsd 4.6.2
freebsd freebsd 4.7
freebsd freebsd 4.7 (release)
freebsd freebsd 4.7 (stable)
freebsd freebsd 5.0
hp hp-ux 10.20
hp hp-ux 10.24
hp hp-ux 11.00
hp hp-ux 11.04
hp hp-ux 11.11
hp hp-ux 11.20
hp hp-ux 11.22
hp hp-ux_series_700 10.20
hp hp-ux_series_800 10.20
ibm aix 4.3.3
ibm aix 5.1
ibm aix 5.2
openbsd openbsd 2.0
openbsd openbsd 2.1
openbsd openbsd 2.2
openbsd openbsd 2.3
openbsd openbsd 2.4
openbsd openbsd 2.5
openbsd openbsd 2.6
openbsd openbsd 2.7
openbsd openbsd 2.8
openbsd openbsd 2.9
openbsd openbsd 3.0
openbsd openbsd 3.1
openbsd openbsd 3.2
sun solaris 2.5.1
sun solaris 2.6
sun solaris 7.0
sun solaris 8.0
sun solaris 9.0
sun solaris 9.0
sun sunos -
sun sunos 5.5.1
sun sunos 5.7
sun sunos 5.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2A0F12-FD00-40B9-86AD-7D082385E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE582B8F-4E31-4D0F-B2F9-AC83C855F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB56D9C9-13B3-418C-B06C-0997E165F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F23D2F-A01F-4949-A917-D1164E14EAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64576C9A-FCD9-4410-B590-AB43F9F85D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "229AC4E3-AFBA-4EF4-8534-8FBE1E630253",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B91503A-E8DC-4DFF-98D4-687B5AE41438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "241A4B59-7BBC-4656-93AC-7DD8BE29EB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D0DBDC-1559-406D-AADC-12B5ABDD2BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5294FCC-3933-4CD5-8DFE-BCDC00F4BD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CA3E33-7CC6-4AC5-999A-3C46D7FD14A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAADC158-B7EF-4135-B383-0DA43065B43E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE8C0C82-749E-4837-88F8-FB56A753B094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD672FA-918D-48CB-BC03-4E412AF0DCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B363A4-BB7A-48A2-AE6B-BD2DDD46E7CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74EF42A5-EC47-4475-81D6-FD1E9C2B8A3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F2CBEF-6FA1-4E07-8163-6AFEDC93FCE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D133CB0D-8A54-4DAA-9FE8-0B367544DE65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2C23BD-1995-4F09-B444-87DDDE21817E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF118BE-6351-4768-A3F0-DFE0065273D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC8B64A-B5A9-4F66-86AD-0288F8E3D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE08E0AC-71F8-456B-9E88-43E94A6A2F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CFD4A8-71AE-4F85-B86D-001461ECC2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD3D4A8-934B-420A-AF4A-36DD16E2F851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AD53C-917A-41CC-83CD-6DF825E2640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F84C9B-8073-4EBE-AA75-A373772A42EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E921700-C76F-41EA-AA61-6F939ED329CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDBD251-3E96-4068-AD24-E5B1802769E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A07568-7B15-49F1-9163-40A0BFF38309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8A18760-0921-475E-9104-4DF480697E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD01B5F6-7E91-4FE8-B345-42D58C786FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34002792-689C-45B5-9B5A-94B5342AC20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3331166E-ABBA-4326-8EF4-88872B9824A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "302A9220-4C73-4D69-8B62-B64A7E280B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FC287-D6D8-44BA-9125-3E64624ECDFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C09E5-23C3-4F9E-80FC-B0C4EC34C846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0295B94D-BE71-4DA2-81C5-E5BBCF0E17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBADEB7-0073-42EB-B53D-ADA227898493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "299D4344-A1DB-4EC3-B1A2-5E07FB2B585F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BE26C0-4A71-43AE-B134-3CE6DE839349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE590EA3-85F6-462A-BCC1-0550192F8F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30D6962-3DBB-4DF8-A04F-8E47AFEDCF99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B60E50-4F5A-4404-BEA3-C94F7D27B156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ECB750B-9F53-4DB6-8B26-71BCCA446FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB113626-38E2-4C42-A6A9-4BBDA0AC4A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*",
              "matchCriteriaId": "772E3C7E-9947-414F-8642-18653BB048E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B2E6D1-8C2D-4E15-A6BB-E4FE878ED1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D51EC29-8836-4F87-ABF8-FF7530DECBB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*",
              "matchCriteriaId": "518B7253-7B0F-4A0A-ADA7-F3E3B5AAF877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "440B7208-34DB-4898-8461-4E703F7EDFB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CEC8518-4DBA-43AA-90B8-279F2DD4A2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F8286F3-DF0E-4D8E-A27D-0C5182D5870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5663579C-3AD2-4E5B-A595-C8DB984F9C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*",
              "matchCriteriaId": "B306EE13-57CF-43A6-AA72-C641C53A2A23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6291BEE1-73D2-4976-B065-E135880F73B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07AA144-6FD7-4C80-B4F2-D21C1AFC864A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "621C31D9-8102-4F2D-8008-B32020F0B831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF5E9B8-62F9-4A6F-9C0C-551980981366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "29113D8E-9618-4A0E-9157-678332082858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "F883CF73-CDA0-4B50-98E6-1B5DE0A4A816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6C9F200-68AC-4B45-8AFC-F604429FDF3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "313613E9-4837-433C-90EE-84A92E8D24E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "1742BF2B-63C7-441D-9A01-DE65C95911D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30B7C42-CEE8-4377-957C-BCCE35C071A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "41AA1290-5039-406F-B195-3A4C018202D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*",
              "matchCriteriaId": "B859D7F7-B0A6-4148-8146-F651ED3F99AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EC5B1A-309A-4DE2-A197-F4DC07A8DC3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CC9410-F6B8-4748-B76F-30626279028E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E7D3C74-CDD2-4DFF-A331-007E1669752A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FA10EA-F6E5-4A89-AC37-40FF6A147528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCC67401-C85A-4E4E-AE61-85FEBBF4346B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C8E0DF6-D9C2-4DBC-9997-B5BFC6DEC9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E1480B-2183-45AD-B63F-16DEC9BF0398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4427AC-07C1-4765-981B-B5D86D698C2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D08345C-F945-410C-9DCB-8C358178F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8764BE36-9377-486C-9198-DF79A5A60679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EF0CEE-74A9-45C8-8AFD-77815230ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*",
              "matchCriteriaId": "25243FA1-7AF7-41D4-8FAD-A5AB289E120D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*",
              "matchCriteriaId": "94D89730-AA61-4FC9-A6AB-0574CA51EE75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B24D34C-1F95-45C8-9A57-2D2622ED9019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B59E7C-B059-41CD-AE33-E9623ADA12BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DF1B657-C910-4BB0-828C-09B6A59D988D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD69805-D021-4DCC-9FB6-A0BEA721408A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D61A9F-AC57-4DD9-9047-74BFA9BFACFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C254FC5D-895D-4EFC-B9A7-74699D9FE65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "B13C07CC-F615-4F30-B532-4BF6F02F84DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
              "matchCriteriaId": "27532639-37CD-4BD2-AE48-F741009D3449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83879DE-1BD7-4FF7-ACC6-5B119DB09BF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE3F77A-909E-4947-A808-BCAB7F96A108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED22734-8AAC-4897-BB71-438E19B8A005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA9C28F-18E6-4199-9740-FAB00563EBF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4F1E3C7-0FDD-46E1-8748-6A5FF669C95C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6E63313-9533-478D-ACC0-C050FBA3EACF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0A7D5D-BDD9-45F8-9BE7-3B01D70C8CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "2334FD6C-444F-4042-AF6D-D654C18C9950",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EFCB9A7-9121-4FAE-B6FA-96C3A023ACEF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cray:unicos:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7725DD-085A-4D3A-8F9E-55C3D4BBDD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:6.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "544736F7-0E4F-45C1-811B-114CFCBBC895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACCD6F58-9E37-40F0-AFD5-49523BEA301E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA7CE84-9266-4699-8687-50D09FFF6CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9226A7-8253-4AA4-8BD1-31219080261B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7D776A-9DC2-4479-8064-BB86E005B2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB0C892-B2B2-4810-A009-AE1809730FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:9.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "07FF0A62-A4D2-495D-B45B-7439C24F6046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4029356-417F-4738-ACE0-B88351EA9010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cray:unicos:9.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71A88A2-4816-49E6-B549-DA28AB80DBB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE31DFF8-06AB-489D-A0C5-509C090283B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
              "matchCriteriaId": "1E8A6564-129A-4555-A5ED-6F65C56AE7B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
              "matchCriteriaId": "237174A4-E030-4A0B-AD0B-5C463603EAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
              "matchCriteriaId": "5D7F8F11-1869-40E2-8478-28B4E946D3CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
              "matchCriteriaId": "9062BAB5-D437-49BE-A384-39F62434B70B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
              "matchCriteriaId": "6E53C673-9D6D-42C8-A502-033E1FC28D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
              "matchCriteriaId": "C844A170-B5A7-4703-AF3B-67366D44EA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
              "matchCriteriaId": "3D41CB12-7894-4D25-80EC-23C56171D973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
              "matchCriteriaId": "09789843-6A1A-4CDB-97E8-89E82B79DDB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
              "matchCriteriaId": "118211EF-CED7-4EB5-9669-F54C8169D4AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
              "matchCriteriaId": "9A405AE2-ECC4-4BB0-80DD-4736394FB217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB4AD26-6AF2-4F3A-B602-F231FAABA73E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
              "matchCriteriaId": "E5612FB0-8403-4A7E-B89A-D7BDFAC00078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
              "matchCriteriaId": "A7818E11-1BEB-4DAA-BA7A-A278454BA4B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDE44C49-172C-4899-8CC8-29AA99A7CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "4259A901-A1CF-44EE-80C4-2031D3FCADC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "771931F7-9180-4EBD-8627-E1CF17D24647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A7B90-9086-4A10-8FB4-1C1D909BC173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD9BE2B-7255-4FC1-B452-E8370632B03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AB76FE0-BEF3-40D4-B362-0C95CA625A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD0DC0A-ACAD-4870-9C0F-3095F2AC8CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B369244-5327-4946-9C49-AC93AE75866B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A40F1951-2AC6-402E-95D6-19ECC3F695F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "465B06C4-136D-4CD8-BA38-B6B50511624C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DF0D51-FCFA-46A3-B834-E80DFA91DFDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB726CF-ADA2-4CDA-9786-1E84AC53740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC373FC-88AC-4B6D-A289-51881ACD57F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D2DA7F0-E3C0-447A-A2B0-ECC928389D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBE290B-5EC6-4BBA-B645-294C150E417A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE7FDFB-C6A6-4B58-B0B4-236E4EA76EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DF053A1-C252-427E-9EEF-27240F422976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A9C344-45AA-47B9-B35A-1A62E220D9C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EB24F0-46A7-481B-83ED-8BB012AE0C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6AEAF0-FA61-4A3F-A083-1218C2027781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA33E7E2-DE7B-411E-8991-718DA0988C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1957B3C0-7F25-469B-BC3F-7B09260837ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "F66BAF35-A8B9-4E95-B270-444206FDD35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
              "matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F847DB-65A9-47DA-BCFA-A179E5E2301A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n xdrmem_getbytes(), y posiblemente otras funciones, de librerias XDR (representaci\u00f3n de datos externos) derivadas de SunRPC, incluyendo libnsl, libc y glibc permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante ciertos valores enteros en campos de longitud."
    }
  ],
  "id": "CVE-2003-0028",
  "lastModified": "2024-11-20T23:43:46.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-25T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2003-10.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-266"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-282"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/516825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104810574423662\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104811415301340\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104860855114117\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104878237121402\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=105362148313082\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2003-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/516825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:29
Severity LOW (NVD CVSS v2 base score 2.1, AV:L/AC:L/Au:N/C:N/I:N/A:P)
Summary
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
Impacted products
Vendor Product Version
openafs openafs * (all versions up to and including 1.6.12)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489B76AE-EA9E-4DB8-BAAE-F589A72E146B",
              "versionEndIncluding": "1.6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el pioctl para el comando OSD FS en OpenAFS en versiones anteriores a 1.6.13, usa el puntero incorrecto cuando escribe los resultados del RPC, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y kernel panic) a trav\u00e9s de un comando OSD FS manipulado."
    }
  ],
  "id": "CVE-2015-3285",
  "lastModified": "2024-11-21T02:29:04.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-12T14:59:18.650",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:29
Severity MEDIUM (NVD CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
Impacted products
Vendor Product Version
openafs openafs * (all versions up to and including 1.6.12)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489B76AE-EA9E-4DB8-BAAE-F589A72E146B",
              "versionEndIncluding": "1.6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en OpenAFS en versiones anteriores a 1.6.13, permite a atacantes remotos suplantar comandos bos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-3283",
  "lastModified": "2024-11-21T02:29:04.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-12T14:59:16.480",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-06 17:59
Modified
2024-11-21 03:01
Summary
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
Impacted products
Vendor Product Version
openafs openafs * (all versions up to and including 1.6.19)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D58A769-8828-4A9A-9920-FD05C176552A",
              "versionEndIncluding": "1.6.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses."
    },
    {
      "lang": "es",
      "value": "OpenAFS 1.6.19 y versiones anteriores permiten a atacantes remotos obtener informaci\u00f3n de directorio sensible a trav\u00e9s de vectores que implican (1) la partici\u00f3n de cach\u00e9 de cliente, (2) partici\u00f3n del servidor de archivos vice o (3) ciertas respuestas de RPC."
    }
  ],
  "id": "CVE-2016-9772",
  "lastModified": "2024-11-21T03:01:43.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-06T17:59:00.467",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94651"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/12/02/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:29
Severity LOW (NVD CVSS v2 base score 2.1, AV:L/AC:L/Au:N/C:P/I:N/A:N)
Summary
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
Impacted products
Vendor Product Version
openafs openafs * (all versions up to and including 1.6.12)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489B76AE-EA9E-4DB8-BAAE-F589A72E146B",
              "versionEndIncluding": "1.6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en pioctls en OpenAFS 1.6.x en versiones anteriores a 1.6.13, permite a usuarios locales leer la memoria del kernel a trav\u00e9s de comandos manipulados."
    }
  ],
  "id": "CVE-2015-3284",
  "lastModified": "2024-11-21T02:29:04.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-12T14:59:17.730",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-06-17 14:55
Modified
2024-11-21 02:09
Severity ?
Summary
OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.
Impacted products
Vendor Product Version
openafs openafs 1.6.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "147E1FC8-AA45-4F4B-96DF-505A84957432",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests."
    },
    {
      "lang": "es",
      "value": "OpenAFS versi\u00f3n 1.6.8, no limpia apropiadamente los campos en la estructura del host, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (acceso a la memoria no inicializada y bloqueo) por medio de vectores no especificados relacionados con peticiones TMAY."
    }
  ],
  "id": "CVE-2014-4044",
  "lastModified": "2024-11-21T02:09:23.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-17T14:55:07.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://gerrit.openafs.org/#change%2C11283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/68003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://gerrit.openafs.org/#change%2C11283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/06/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/06/13/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68003"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-09-12 01:29
Modified
2024-11-21 03:53
Severity ?
Summary
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.
Impacted products
Vendor Product Version
openafs openafs *
openafs openafs *
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA89B3F9-E528-4454-AC07-C4CC229CE95C",
              "versionEndExcluding": "1.6.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E83EF0AF-3D2F-46F7-BB02-E3B3841A1487",
              "versionEndExcluding": "1.8.2",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume\u0027s content with arbitrary data."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en OpenAFS, en versiones anteriores a la 1.6.23 y versiones 1.8.x anteriores a la 1.8.2. El proceso butc (backup tape controller) acepta los RPC entrantes, pero no requiere (ni permite) la autenticaci\u00f3n de dichos RPC. El manejo de los RPC resulta en que las operaciones se realizan con credenciales de administrador, incluyendo el contenido de los vol\u00famenes dumping/restoring y en que se manipula la base de datos de backups. Por ejemplo, un atacante no autenticado puede reemplazar el contenido de cualquier volumen con datos arbitrarios."
    }
  ],
  "id": "CVE-2018-16947",
  "lastModified": "2024-11-21T03:53:33.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-12T01:29:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4302"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-05 21:55
Modified
2024-11-21 01:54
Severity ?
Summary
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
Impacted products
Vendor Product Version
openafs openafs 1.6.0
openafs openafs 1.6.1
openafs openafs 1.6.2
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.6.4
debian debian_linux 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7150CE0E-A1EC-41EB-AD71-5B6C87289EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEFFEE0-C867-40F1-93F4-239EF1C6E2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD16CAA-1DF0-4BFC-AB76-AD06329080D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC2FFCF-BC84-43FF-8162-C796D3E43317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FED822-5D5F-4299-9E17-865F9ADDCB09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network."
    },
    {
      "lang": "es",
      "value": "El comando vos en OpenAFS 1.6.x anterior a 1.6.5, cuando se utiliza la opci\u00f3n de cifrar, s\u00f3lo permite la protecci\u00f3n de la integridad y env\u00eda los datos en texto claro, lo que permite a atacantes remotos obtener informaci\u00f3n sensible por la inhalaci\u00f3n de la red."
    }
  ],
  "id": "CVE-2013-4135",
  "lastModified": "2024-11-21T01:54:57.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-05T21:55:12.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2729"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-09 00:30
Modified
2024-11-21 01:02
Severity ?
Summary
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
References
cve@mitre.org http://secunia.com/advisories/34655
cve@mitre.org http://secunia.com/advisories/34684
cve@mitre.org http://secunia.com/advisories/42896
cve@mitre.org http://security.gentoo.org/glsa/glsa-201101-05.xml
cve@mitre.org http://www.debian.org/security/2009/dsa-1768
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
cve@mitre.org http://www.openafs.org/security/OPENAFS-SA-2009-001.txt (Vendor Advisory)
cve@mitre.org http://www.openafs.org/security/openafs-sa-2009-001.patch (Patch)
cve@mitre.org http://www.securityfocus.com/bid/34407
cve@mitre.org http://www.vupen.com/english/advisories/2009/0984
cve@mitre.org http://www.vupen.com/english/advisories/2011/0117
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34655
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34684
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/42896
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-201101-05.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1768
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:099
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/security/OPENAFS-SA-2009-001.txt (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/security/openafs-sa-2009-001.patch (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/34407
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/0984
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2011/0117
Impacted products
Vendor Product Version
unix unix *
openafs openafs 1.0
openafs openafs 1.0.1
openafs openafs 1.0.2
openafs openafs 1.0.3
openafs openafs 1.0.4
openafs openafs 1.0.4a
openafs openafs 1.1
openafs openafs 1.1.0
openafs openafs 1.1.1
openafs openafs 1.1.1a
openafs openafs 1.2
openafs openafs 1.2.1
openafs openafs 1.2.2
openafs openafs 1.2.2a
openafs openafs 1.2.2b
openafs openafs 1.2.3
openafs openafs 1.2.4
openafs openafs 1.2.5
openafs openafs 1.2.6
openafs openafs 1.2.7
openafs openafs 1.2.8
openafs openafs 1.2.9
openafs openafs 1.2.10
openafs openafs 1.2.11
openafs openafs 1.2.13
openafs openafs 1.3
openafs openafs 1.3.1
openafs openafs 1.3.2
openafs openafs 1.3.5
openafs openafs 1.3.70
openafs openafs 1.3.74
openafs openafs 1.3.77
openafs openafs 1.3.81
openafs openafs 1.4
openafs openafs 1.4.0
openafs openafs 1.4.3
openafs openafs 1.4.4
openafs openafs 1.4.5
openafs openafs 1.4.6
openafs openafs 1.4.7
openafs openafs 1.4.7_pre1
openafs openafs 1.4.7_pre2
openafs openafs 1.4.7_pre3
openafs openafs 1.4.7_pre4
openafs openafs 1.4.7_pre5
openafs openafs 1.4.8
openafs openafs 1.4.8_pre1
openafs openafs 1.4.8_pre2
openafs openafs 1.4.8_pre3
openafs openafs 1.5
openafs openafs 1.5.16
openafs openafs 1.5.17
openafs openafs 1.5.26
openafs openafs 1.5.27
openafs openafs 1.5.30
openafs openafs 1.5.31
openafs openafs 1.5.32
openafs openafs 1.5.33
openafs openafs 1.5.34
openafs openafs 1.5.35
openafs openafs 1.5.36
openafs openafs 1.5.38
openafs openafs 1.5.39
openafs openafs 1.5.50
openafs openafs 1.5.52
openafs openafs 1.5.53
openafs openafs 1.5.54
openafs openafs 1.5.55
openafs openafs 1.5.56
openafs openafs 1.5.57
openafs openafs 1.5.58



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC8B64A-B5A9-4F66-86AD-0288F8E3D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE08E0AC-71F8-456B-9E88-43E94A6A2F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CFD4A8-71AE-4F85-B86D-001461ECC2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD3D4A8-934B-420A-AF4A-36DD16E2F851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AD53C-917A-41CC-83CD-6DF825E2640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F84C9B-8073-4EBE-AA75-A373772A42EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E921700-C76F-41EA-AA61-6F939ED329CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9A5221-2DBC-487A-9C6D-84EB9C95EB05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDBD251-3E96-4068-AD24-E5B1802769E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A07568-7B15-49F1-9163-40A0BFF38309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8A18760-0921-475E-9104-4DF480697E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD01B5F6-7E91-4FE8-B345-42D58C786FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34002792-689C-45B5-9B5A-94B5342AC20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3331166E-ABBA-4326-8EF4-88872B9824A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "302A9220-4C73-4D69-8B62-B64A7E280B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FC287-D6D8-44BA-9125-3E64624ECDFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C09E5-23C3-4F9E-80FC-B0C4EC34C846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0295B94D-BE71-4DA2-81C5-E5BBCF0E17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBADEB7-0073-42EB-B53D-ADA227898493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0951C53-C62A-4607-B6DB-E6B38DF3A5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0813CDDB-FF48-4154-81F3-20873A6C6C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AAAE0E9-BB79-455F-A08E-AC83370DBD0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B65ACE-3BA2-4B42-AEE8-8F647A6399F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E298D9-63FB-4818-A2F1-EDFC287625F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F2EED9-29E6-41E9-A911-D6ED9A08643C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "299D4344-A1DB-4EC3-B1A2-5E07FB2B585F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BE26C0-4A71-43AE-B134-3CE6DE839349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE590EA3-85F6-462A-BCC1-0550192F8F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DB0E2F-782F-4BA1-A81A-5DDDA8CF0A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1399FC-A356-4624-BBA6-059B797B4C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D767864-04D5-4571-8B13-CD347ADB3ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47CECE6-1BD8-4CC3-B1F8-A4A069004C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "846D8776-DCDF-4BD0-A391-5546BD4B20C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C9013E-A08B-441E-AE3F-C688793366FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F37635-C186-4D06-A79C-2A7AB0CFBAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1364B7-D564-4385-B7D7-67184E474712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3D7891-0B48-4C5D-B74B-6810FB4696F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C3BF7B2-72FF-4756-A1CC-982A1CD0747C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "832A44D5-3851-4DC5-A37A-B3C356764B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F42FFC-9EA1-471C-8E5F-F8860BB2EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91E0060C-4C43-4B4C-88CE-01F5055A9193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1A3516-7785-406E-83B2-96A0FF8461A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F020E77C-8445-4BE8-A36E-A436102FE83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F16D28-5011-4CE3-A656-9F9908E760AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1E040E-020D-4567-BF57-9A2DA7294CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D14A4C-D467-431A-A223-9383FD94EB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED10F836-88BE-4832-BE5A-83AE0C798368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA22C60E-64A4-4340-A780-0C85BDACBB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F407281C-A813-4190-BBF1-FB93779681DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6BEEDA-C1FE-49BA-A829-BA3BBBED1AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "39308049-0C20-4845-9803-529A85CB9682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAC63C9E-169F-40B5-A011-2A77B675875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "378F38A7-422C-4603-8120-42DB91C8B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "69AC18EA-7DB6-4F68-95DD-637D557DDF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8DE00-622E-42DC-B1C7-8B9C1300DEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FCFBC7-CDEF-402D-8C11-DD3D112B76CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "22ABC36E-79A7-41A6-8A80-CF3563EE640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E121D95-158B-446D-BECD-D90D348A8CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2993321-45A6-496F-ADC3-B83E52B90ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA6732C-6108-40B1-B9D3-D11D9C18B225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93DE322-6843-4C9C-82F2-2E55FC5231DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D0C9D5-009C-4153-AB84-1DC3191CAC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AAA5FE-D9FE-40A8-804B-C86C2D865958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCB63E5-D32E-41E3-958D-F1991318CFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDE6F07-DD16-4075-B7C4-4C3B9A194C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8EC69-A4CD-42F8-AD25-ACE8DDAE7F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3B0624-435B-4A06-BC13-5B47C34E11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F90E76-4EF0-4E12-96F9-1007DF457277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3944EFB-9C8C-451E-A339-603FC617A352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B400BB8-53F2-4BC3-842B-42480B52D156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A1C5AD7-141A-4932-9A05-994B6CC69AC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el gestor de cach\u00e9 en el cliente OpenAFS v1.0 hasta la v1.4.8 y v1.5.0 hasta la 1.5.58 de las plataformas Unix, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una respuesta RX que contenga m\u00e1s datos que los especificados en la petici\u00f3n, relativo al uso de las tablas XDR."
    }
  ],
  "id": "CVE-2009-1251",
  "lastModified": "2024-11-21T01:02:00.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-09T00:30:00.327",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34684"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/42896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1768"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0984"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201101-05.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/security/OPENAFS-SA-2009-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openafs.org/security/openafs-sa-2009-001.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0117"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-06 21:59
Modified
2024-11-21 02:37
Severity ?
Summary
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05354C2-8BA9-4FA7-A2C1-D8DC1965D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "3057D5C8-AA27-4C1D-AD5A-66DE010A943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "001C25DE-7B10-4E60-9C8A-3F87A8FDA169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EEEF95-F888-4F18-9A66-801CDF190DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7150CE0E-A1EC-41EB-AD71-5B6C87289EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEFFEE0-C867-40F1-93F4-239EF1C6E2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD16CAA-1DF0-4BFC-AB76-AD06329080D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC2FFCF-BC84-43FF-8162-C796D3E43317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FED822-5D5F-4299-9E17-865F9ADDCB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED301E1-B19C-49D7-AF5D-20301BA53E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA403EE6-31FB-47A3-BDBE-72A4277A4EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58385FBA-632C-49B4-8AD0-9B3585845955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7D0515-EC70-4B4C-97BE-CA114CA34B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "44179A8B-8908-4EDB-A1E0-00AFDCB42507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "147E1FC8-AA45-4F4B-96DF-505A84957432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30CA2BC-45C2-4B69-9CED-DF3AEE239947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "20AA7D19-73B5-4A82-A864-BE312D25C9B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCFA845B-2FD7-441B-AC80-7D7C5D858030",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA143EFF-4AB1-460D-84B9-FA90F9E87438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D83292C-77F7-4565-93B7-24BFE480A197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8A3310-F7A0-46B2-8772-4598E836B702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53E1E4E-EC29-4CF5-A60F-531D7D3F51F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "638B85F9-711F-4CC0-BC88-70A0F61D00BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "100D60EE-7D98-4EDE-816D-0A09F2512BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7B667D-236D-4902-AE45-70DC518A8CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54A4891-9A8F-4669-BFE4-E7A492C23475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D64E4E-1CE6-4EC5-B196-56D3EA657D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16E9D02-7B8A-496F-90E5-24053E2C7B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "537CF7AE-6CDA-41A7-BAA8-CB7775D89BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB340DB3-B662-4C32-9D12-6C5589B9D442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AC5979-4EE0-4C60-8682-214D7CE71E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "971BC625-0F96-4853-9E25-6461C0E7A9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6417AD77-428D-40E4-B349-4328A0322D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D4ED9A-FA72-4802-AEDB-7C6BF85F374B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "681D68F1-A302-4D26-87F2-183905995214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCEF082-2CD3-4A2F-8DCA-83EE444015E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "57956DBF-981B-4053-BE2B-E745BC789419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C8BD68-6640-4DCF-A2F5-E6826056F108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0D161-F503-4608-92DD-0C4D38022EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D951833E-7FB4-4DFB-A274-7D5619B6C7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BD5E13-61CF-41FD-8679-D0D0AAF2267B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB154C3-87A0-4083-964D-6F86E8A8FEE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC220CAC-E0F1-47A8-A9EC-A1A4424A5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1D73C1-6D22-44AD-AB3E-4EEF54D5A105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E8E8F9-84AF-4413-B386-0CC14FA59BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE7A477-9489-4185-B139-9D5C4B54A048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "594611DF-FFB5-42DE-A2C1-6B0AA52C1821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E033C96-2626-41DF-AC9F-554743D0BF1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
    },
    {
      "lang": "es",
      "value": "rx/rx.c en OpenAFS 1.5.75 hasta la versi\u00f3n 1.5.78, 1.6.x en versiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno en el final de un paquete de reconocimiento (ACK) Rx, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (1) llevando a cabo un ataque de repetici\u00f3n o (2) rastreando la red."
    }
  ],
  "id": "CVE-2015-7763",
  "lastModified": "2024-11-21T02:37:21.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-06T21:59:11.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3387"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034039"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-03-14 03:13
Modified
2024-11-21 01:50
Severity ?
Summary
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1497402-9268-4A55-B7F3-58247345BD61",
              "versionEndIncluding": "1.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "25AA0ACE-A8C6-4234-8EE2-F52438B6F472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E141BE-9ECF-4275-BFBD-E3DBF7D86A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C85F39C-C8D3-4493-8432-5EE3FB231BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C158198E-8D22-41A8-8C24-8ABBE3354F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F377FB25-17B5-48A8-BC3C-3E99649C429E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4033D1-2374-429D-8927-F51EDC24E96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "39308049-0C20-4845-9803-529A85CB9682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAC63C9E-169F-40B5-A011-2A77B675875D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CC270B-4822-43DB-BD28-50B497EA196A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FAC3B7-9F61-448A-B0F0-D581DCDAC87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "851DD68F-4272-4A86-A421-8D41FA63FADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6CEAEF2-855A-4663-B0FE-71EF470FB227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7986966F-8A0F-4B5F-9C27-39F818782EE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABF69BA-857A-45A0-89DD-02476E93390C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E099A9-B50E-4DE6-BB38-982967B3700A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA60762-5259-45C8-98D4-7C4E844FD231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "378F38A7-422C-4603-8120-42DB91C8B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "69AC18EA-7DB6-4F68-95DD-637D557DDF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "2041735A-BFB0-4875-937A-B530D2E687B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C7293A-0430-478E-B567-9C8505288F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD8DE00-622E-42DC-B1C7-8B9C1300DEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FCFBC7-CDEF-402D-8C11-DD3D112B76CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "22ABC36E-79A7-41A6-8A80-CF3563EE640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E121D95-158B-446D-BECD-D90D348A8CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2993321-45A6-496F-ADC3-B83E52B90ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA6732C-6108-40B1-B9D3-D11D9C18B225",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93DE322-6843-4C9C-82F2-2E55FC5231DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "79EE6FA8-2127-4011-8C26-6B7A073F863C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D0C9D5-009C-4153-AB84-1DC3191CAC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "18AAA5FE-D9FE-40A8-804B-C86C2D865958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADCB63E5-D32E-41E3-958D-F1991318CFA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CF75979-BDA7-46DA-987B-A1D59F95B0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDE6F07-DD16-4075-B7C4-4C3B9A194C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8EC69-A4CD-42F8-AD25-ACE8DDAE7F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3B0624-435B-4A06-BC13-5B47C34E11E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8F90E76-4EF0-4E12-96F9-1007DF457277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3944EFB-9C8C-451E-A339-603FC617A352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B400BB8-53F2-4BC3-842B-42480B52D156",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A1C5AD7-141A-4932-9A05-994B6CC69AC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD49634F-5DA6-4FBA-97EE-936DE63E75C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC06AB2-1D82-4A0B-9449-F4C72CF5A0EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E5486E2-B36D-471D-B356-30BA5D8F3AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "A386DC5A-0333-4104-8392-014D8BBFF47A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A7E126-F38C-4530-AED8-51FA33C81F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED74E6B6-BAFE-4B98-8DC3-C75C321272C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F5F17B3-CF38-4316-A15C-C2EE362881A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB2BE97-CE66-4779-B39C-47314BD2F1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A6D399-7EB8-40B4-9466-B38CE1887AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C112D17-EF66-4C69-BD90-BFB6E15825E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF96C2F-2F22-4496-9B9D-240D1CEAF07B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C75A947-02E6-4DC0-94CA-06C67A2AB0F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "0454D60A-8816-4D39-B57F-04F9555200C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E1B6477-930B-4556-B4F4-FECAC862B87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D3DE7BE-0BF9-46B7-9BA6-FB5157CCD184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A15EA7B-CCDB-496C-BF9E-5D1B072F6ADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05354C2-8BA9-4FA7-A2C1-D8DC1965D92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "3057D5C8-AA27-4C1D-AD5A-66DE010A943E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "001C25DE-7B10-4E60-9C8A-3F87A8FDA169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1EEEF95-F888-4F18-9A66-801CDF190DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en ciertas utilidades de cliente de OpenAFS antes de v1.6.2 que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una entrada ACL larga del servidor de ficheros."
    }
  ],
  "id": "CVE-2013-1794",
  "lastModified": "2024-11-21T01:50:24.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-14T03:13:37.480",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52342"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52480"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2013/dsa-2638"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/58299"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2013/dsa-2638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/58299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82582"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-14 15:09
Modified
2024-11-21 02:07
Severity MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.
Impacted products
Vendor Product Version
openafs openafs * (up to and including 1.6.6)
openafs openafs 1.6.0
openafs openafs 1.6.1
openafs openafs 1.6.2
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.6.4
openafs openafs 1.6.5
openafs openafs 1.6.5.1
openafs openafs 1.6.5.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "555DA1F4-5AE1-444C-B9F0-D19959AAC66D",
              "versionEndIncluding": "1.6.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7150CE0E-A1EC-41EB-AD71-5B6C87289EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEFFEE0-C867-40F1-93F4-239EF1C6E2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD16CAA-1DF0-4BFC-AB76-AD06329080D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC2FFCF-BC84-43FF-8162-C796D3E43317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FED822-5D5F-4299-9E17-865F9ADDCB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED301E1-B19C-49D7-AF5D-20301BA53E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA403EE6-31FB-47A3-BDBE-72A4277A4EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58385FBA-632C-49B4-8AD0-9B3585845955",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet."
    },
    {
      "lang": "es",
      "value": "OpenAFS anterior a 1.6.7 retrasa el hilo de escucha cuando falla un RXS_CheckResponse, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (degradaci\u00f3n de rendimiento) a trav\u00e9s de un paquete inv\u00e1lido."
    }
  ],
  "id": "CVE-2014-2852",
  "lastModified": "2024-11-21T02:07:03.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-14T15:09:06.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2014/dsa-2899"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-2899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-05 21:55
Modified
2024-11-21 01:54
Severity ?
Summary
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
Impacted products
Vendor Product Version
openafs openafs * (up to and including 1.4.14)
openafs openafs 1.0
openafs openafs 1.0.1
openafs openafs 1.0.2
openafs openafs 1.0.3
openafs openafs 1.0.4
openafs openafs 1.0.4a
openafs openafs 1.1
openafs openafs 1.1.0
openafs openafs 1.1.1
openafs openafs 1.1.1a
openafs openafs 1.2
openafs openafs 1.2.1
openafs openafs 1.2.2
openafs openafs 1.2.2a
openafs openafs 1.2.2b
openafs openafs 1.2.3
openafs openafs 1.2.4
openafs openafs 1.2.5
openafs openafs 1.2.6
openafs openafs 1.2.7
openafs openafs 1.2.8
openafs openafs 1.2.9
openafs openafs 1.2.10
openafs openafs 1.2.11
openafs openafs 1.2.13
openafs openafs 1.3
openafs openafs 1.3.1
openafs openafs 1.3.2
openafs openafs 1.3.5
openafs openafs 1.3.70
openafs openafs 1.3.74
openafs openafs 1.3.77
openafs openafs 1.3.81
openafs openafs 1.4
openafs openafs 1.4.0
openafs openafs 1.4.1
openafs openafs 1.4.2
openafs openafs 1.4.3
openafs openafs 1.4.4
openafs openafs 1.4.5
openafs openafs 1.4.6
openafs openafs 1.4.7
openafs openafs 1.4.7_pre1
openafs openafs 1.4.7_pre2
openafs openafs 1.4.7_pre3
openafs openafs 1.4.7_pre4
openafs openafs 1.4.7_pre5
openafs openafs 1.4.8
openafs openafs 1.4.8_pre1
openafs openafs 1.4.8_pre2
openafs openafs 1.4.8_pre3
openafs openafs 1.4.12
openafs openafs 1.6.0
openafs openafs 1.6.1
openafs openafs 1.6.2
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.6.4
openafs openafs 1.7.1
openafs openafs 1.7.2
openafs openafs 1.7.3
openafs openafs 1.7.4
openafs openafs 1.7.8
openafs openafs 1.7.10
openafs openafs 1.7.11
openafs openafs 1.7.12
openafs openafs 1.7.13
openafs openafs 1.7.14
openafs openafs 1.7.15
openafs openafs 1.7.16
openafs openafs 1.7.17
openafs openafs 1.7.18
openafs openafs 1.7.19
openafs openafs 1.7.20
openafs openafs 1.7.21
openafs openafs 1.7.22
openafs openafs 1.7.23
openafs openafs 1.7.24
openafs openafs 1.7.25
debian debian_linux 7.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD3D040-25DB-4504-9664-E22705CFC2CF",
              "versionEndIncluding": "1.4.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC8B64A-B5A9-4F66-86AD-0288F8E3D62D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE08E0AC-71F8-456B-9E88-43E94A6A2F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CFD4A8-71AE-4F85-B86D-001461ECC2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD3D4A8-934B-420A-AF4A-36DD16E2F851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7AD53C-917A-41CC-83CD-6DF825E2640E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F84C9B-8073-4EBE-AA75-A373772A42EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E921700-C76F-41EA-AA61-6F939ED329CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9A5221-2DBC-487A-9C6D-84EB9C95EB05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDBD251-3E96-4068-AD24-E5B1802769E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A07568-7B15-49F1-9163-40A0BFF38309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8A18760-0921-475E-9104-4DF480697E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD01B5F6-7E91-4FE8-B345-42D58C786FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34002792-689C-45B5-9B5A-94B5342AC20B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3331166E-ABBA-4326-8EF4-88872B9824A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "302A9220-4C73-4D69-8B62-B64A7E280B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8FC287-D6D8-44BA-9125-3E64624ECDFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "295C09E5-23C3-4F9E-80FC-B0C4EC34C846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0295B94D-BE71-4DA2-81C5-E5BBCF0E17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBADEB7-0073-42EB-B53D-ADA227898493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0951C53-C62A-4607-B6DB-E6B38DF3A5E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0813CDDB-FF48-4154-81F3-20873A6C6C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AAAE0E9-BB79-455F-A08E-AC83370DBD0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B65ACE-3BA2-4B42-AEE8-8F647A6399F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E298D9-63FB-4818-A2F1-EDFC287625F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3F2EED9-29E6-41E9-A911-D6ED9A08643C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "299D4344-A1DB-4EC3-B1A2-5E07FB2B585F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72BE26C0-4A71-43AE-B134-3CE6DE839349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE590EA3-85F6-462A-BCC1-0550192F8F9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "20DB0E2F-782F-4BA1-A81A-5DDDA8CF0A79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1399FC-A356-4624-BBA6-059B797B4C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D767864-04D5-4571-8B13-CD347ADB3ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47CECE6-1BD8-4CC3-B1F8-A4A069004C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "846D8776-DCDF-4BD0-A391-5546BD4B20C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C9013E-A08B-441E-AE3F-C688793366FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F37635-C186-4D06-A79C-2A7AB0CFBAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E75B7E-B38C-48AD-B04F-BD705AFF2907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F38E889-0CC0-49E1-9B6C-90D4176C06C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1364B7-D564-4385-B7D7-67184E474712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3D7891-0B48-4C5D-B74B-6810FB4696F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C3BF7B2-72FF-4756-A1CC-982A1CD0747C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "832A44D5-3851-4DC5-A37A-B3C356764B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F42FFC-9EA1-471C-8E5F-F8860BB2EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91E0060C-4C43-4B4C-88CE-01F5055A9193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1A3516-7785-406E-83B2-96A0FF8461A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F020E77C-8445-4BE8-A36E-A436102FE83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre4:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F16D28-5011-4CE3-A656-9F9908E760AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7_pre5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1E040E-020D-4567-BF57-9A2DA7294CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D14A4C-D467-431A-A223-9383FD94EB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED10F836-88BE-4832-BE5A-83AE0C798368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA22C60E-64A4-4340-A780-0C85BDACBB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8_pre3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F407281C-A813-4190-BBF1-FB93779681DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "77998ED3-15AE-4547-AAF3-596F4DC7C399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7150CE0E-A1EC-41EB-AD71-5B6C87289EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEFFEE0-C867-40F1-93F4-239EF1C6E2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD16CAA-1DF0-4BFC-AB76-AD06329080D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC2FFCF-BC84-43FF-8162-C796D3E43317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FED822-5D5F-4299-9E17-865F9ADDCB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53E1E4E-EC29-4CF5-A60F-531D7D3F51F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "638B85F9-711F-4CC0-BC88-70A0F61D00BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "100D60EE-7D98-4EDE-816D-0A09F2512BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7B667D-236D-4902-AE45-70DC518A8CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54A4891-9A8F-4669-BFE4-E7A492C23475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D64E4E-1CE6-4EC5-B196-56D3EA657D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16E9D02-7B8A-496F-90E5-24053E2C7B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "537CF7AE-6CDA-41A7-BAA8-CB7775D89BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB340DB3-B662-4C32-9D12-6C5589B9D442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AC5979-4EE0-4C60-8682-214D7CE71E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "971BC625-0F96-4853-9E25-6461C0E7A9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6417AD77-428D-40E4-B349-4328A0322D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D4ED9A-FA72-4802-AEDB-7C6BF85F374B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "681D68F1-A302-4D26-87F2-183905995214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCEF082-2CD3-4A2F-8DCA-83EE444015E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "57956DBF-981B-4053-BE2B-E745BC789419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C8BD68-6640-4DCF-A2F5-E6826056F108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0D161-F503-4608-92DD-0C4D38022EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D951833E-7FB4-4DFB-A274-7D5619B6C7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BD5E13-61CF-41FD-8679-D0D0AAF2267B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB154C3-87A0-4083-964D-6F86E8A8FEE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key."
    },
    {
      "lang": "es",
      "value": "OpenAFS anterior a 1.4.15, 1.6.x anterior a 1.6.5 y 1.7.x anterior a 1.7.26 utiliza cifrado d\u00e9bil (DES) para las claves de Kerberos, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos para obtener la clave de servicio."
    }
  ],
  "id": "CVE-2013-4134",
  "lastModified": "2024-11-21T01:54:56.973",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-05T21:55:08.890",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2729"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2013/dsa-2729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:29
Severity ?
Summary
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
Impacted products
Vendor Product Version
openafs openafs *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489B76AE-EA9E-4DB8-BAAE-F589A72E146B",
              "versionEndIncluding": "1.6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en vos en OpenAFS en versiones anteriores a 1.6.13, cuando se actualizan las entradas VLDB, permite a atacantes remotos obtener informaci\u00f3n de la pila de memoria rastreando la red."
    }
  ],
  "id": "CVE-2015-3282",
  "lastModified": "2024-11-21T02:29:04.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-12T14:59:14.120",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:29
Severity ?
Summary
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
Impacted products
Vendor Product Version
openafs openafs *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "489B76AE-EA9E-4DB8-BAAE-F589A72E146B",
              "versionEndIncluding": "1.6.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la extensi\u00f3n de kernel Solaris en OpenAFS en versiones anteriores a 1.6.13, permite a usuarios locales causar una denegaci\u00f3n de servicio (panic o bloqueo) o posiblemente tener otro impacto no especificado a trav\u00e9s de una lista de grupo de gran tama\u00f1o cuando se unen a un PAG."
    }
  ],
  "id": "CVE-2015-3286",
  "lastModified": "2024-11-21T02:29:04.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-12T14:59:19.730",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-02-19 01:00
Modified
2024-11-21 01:23
Severity ?
Summary
The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
openafs openafs 1.4.7
openafs openafs 1.4.12
openafs openafs 1.4.14



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F42FFC-9EA1-471C-8E5F-F8860BB2EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "77998ED3-15AE-4547-AAF3-596F4DC7C399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "722F4AB9-D515-4616-996E-37C2A6007AA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n afs_linux_lock en afs/Linux/osi_vnodeops.c en el m\u00f3dulo del kernel en OpenAFS v1.4.14, v1.4.12, v1.4.7, y posiblemente otras versiones no controla correctamente los errores, que permite a atacantes provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos. NOTA: Algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2011-0431",
  "lastModified": "2024-11-21T01:23:57.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-19T01:00:03.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46428"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0410"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0411"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-06 21:59
Modified
2024-11-21 02:37
Severity ?
Summary
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EABE34-961A-4687-8E59-012D9EAF7D73",
              "versionEndIncluding": "1.6.14.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53E1E4E-EC29-4CF5-A60F-531D7D3F51F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "638B85F9-711F-4CC0-BC88-70A0F61D00BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "100D60EE-7D98-4EDE-816D-0A09F2512BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7B667D-236D-4902-AE45-70DC518A8CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54A4891-9A8F-4669-BFE4-E7A492C23475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D64E4E-1CE6-4EC5-B196-56D3EA657D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D16E9D02-7B8A-496F-90E5-24053E2C7B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "537CF7AE-6CDA-41A7-BAA8-CB7775D89BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB340DB3-B662-4C32-9D12-6C5589B9D442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AC5979-4EE0-4C60-8682-214D7CE71E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "971BC625-0F96-4853-9E25-6461C0E7A9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "6417AD77-428D-40E4-B349-4328A0322D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D4ED9A-FA72-4802-AEDB-7C6BF85F374B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "681D68F1-A302-4D26-87F2-183905995214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCEF082-2CD3-4A2F-8DCA-83EE444015E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "57956DBF-981B-4053-BE2B-E745BC789419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C8BD68-6640-4DCF-A2F5-E6826056F108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB0D161-F503-4608-92DD-0C4D38022EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "D951833E-7FB4-4DFB-A274-7D5619B6C7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "87BD5E13-61CF-41FD-8679-D0D0AAF2267B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB154C3-87A0-4083-964D-6F86E8A8FEE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC220CAC-E0F1-47A8-A9EC-A1A4424A5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1D73C1-6D22-44AD-AB3E-4EEF54D5A105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E8E8F9-84AF-4413-B386-0CC14FA59BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE7A477-9489-4185-B139-9D5C4B54A048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "594611DF-FFB5-42DE-A2C1-6B0AA52C1821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E033C96-2626-41DF-AC9F-554743D0BF1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network."
    },
    {
      "lang": "es",
      "value": "rx/rx.c en OpenAFS en versiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno de una estructura de datos cuando construye un paquete de reconocimiento (ACK) Rx, lo que permite a atacantes remotos obtener informaci\u00f3n sensible (1) llevando a cabo un ataque de repetici\u00f3n o (2) rastreando la red."
    }
  ],
  "id": "CVE-2015-7762",
  "lastModified": "2024-11-21T02:37:21.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-06T21:59:09.017",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3387"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034039"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-20 10:19
Modified
2024-11-21 00:28
Severity ?
Summary
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
References
cve@mitre.org http://secunia.com/advisories/24582 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/24599 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/24607 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/24720
cve@mitre.org http://security.gentoo.org/glsa/glsa-200704-03.xml
cve@mitre.org http://www.debian.org/security/2007/dsa-1271 Vendor Advisory
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2007:066
cve@mitre.org http://www.openafs.org/pipermail/openafs-announce/2007/000185.html Vendor Advisory
cve@mitre.org http://www.openafs.org/pipermail/openafs-announce/2007/000186.html Patch, Vendor Advisory
cve@mitre.org http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
cve@mitre.org http://www.securityfocus.com/bid/23060
cve@mitre.org http://www.securitytracker.com/id?1017807
cve@mitre.org http://www.vupen.com/english/advisories/2007/1033 Vendor Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/33180
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24582 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24599 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24607 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/24720
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200704-03.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2007/dsa-1271 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2007:066
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/pipermail/openafs-announce/2007/000185.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/pipermail/openafs-announce/2007/000186.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/23060
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1017807
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/1033 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/33180
Impacted products
Vendor Product Version
openafs openafs 1.4.0
openafs openafs 1.4.1
openafs openafs 1.4.2
openafs openafs 1.4.3
openafs openafs 1.4.4
openafs openafs 1.5.0
openafs openafs 1.5.1
openafs openafs 1.5.2
openafs openafs 1.5.3
openafs openafs 1.5.5
openafs openafs 1.5.6
openafs openafs 1.5.7
openafs openafs 1.5.8
openafs openafs 1.5.9
openafs openafs 1.5.10
openafs openafs 1.5.11
openafs openafs 1.5.12
openafs openafs 1.5.13
openafs openafs 1.5.14
openafs openafs 1.5.15
openafs openafs 1.5.16



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F37635-C186-4D06-A79C-2A7AB0CFBAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E75B7E-B38C-48AD-B04F-BD705AFF2907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F38E889-0CC0-49E1-9B6C-90D4176C06C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1364B7-D564-4385-B7D7-67184E474712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3D7891-0B48-4C5D-B74B-6810FB4696F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "382FC10C-4C00-438C-89AD-7D68C5D27873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77564116-CF64-4D8D-BA54-A8E9BCA95EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "237C1DCE-D907-4552-9EC0-05209A64D0E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC82946D-1211-4382-8D48-5F5B55E4DF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DA2004-0A16-4D10-82FF-6CB2AC578331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E4D5363-E9B9-4B60-9B22-F6FDF3DCA6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1538B29-860C-4FF4-A807-46509FBFEC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F81B547-2DE0-4707-94B6-1878E820883C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD9FD959-477E-4DF1-A115-D59D21EB0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "25AA0ACE-A8C6-4234-8EE2-F52438B6F472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E141BE-9ECF-4275-BFBD-E3DBF7D86A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C85F39C-C8D3-4493-8432-5EE3FB231BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C158198E-8D22-41A8-8C24-8ABBE3354F33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F377FB25-17B5-48A8-BC3C-3E99649C429E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4033D1-2374-429D-8927-F51EDC24E96B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "39308049-0C20-4845-9803-529A85CB9682",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n predeterminada en OpenAFS versiones 1.4.x anteriores a 1.4.4 y versiones 1.5.x anteriores a 1.5.17, admite programas setuid dentro de la celda local, lo que podr\u00eda permitir a atacantes alcanzar privilegios suplantando una respuesta a una petici\u00f3n FetchStatus del administrador de cach\u00e9 AFS y establecer la propiedad de setuid y root para archivos en la memoria cach\u00e9."
    }
  ],
  "id": "CVE-2007-1507",
  "lastModified": "2024-11-21T00:28:29.080",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-20T10:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24582"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24599"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24607"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24720"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1271"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23060"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017807"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1033"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200704-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000185.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openafs.org/pipermail/openafs-announce/2007/000187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33180"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-12-06 00:29
Modified
2024-11-21 03:17
Summary
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Impacted products
Vendor Product Version
openafs openafs *
debian debian_linux 8.0
debian debian_linux 9.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68679623-B0CD-4643-9890-1D01D6570BDA",
              "versionEndExcluding": "1.6.22",
              "versionStartIncluding": "1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value."
    },
    {
      "lang": "es",
      "value": "OpenAFS en versiones 1.x anteriores a la 1.6.22 no valida paquetes Rx ack correctamente, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado del sistema o de la aplicaci\u00f3n) mediante campos manipulados, tal y como demuestra un subdesbordamiento de enteros y fallo de aserci\u00f3n para un valor MTU peque\u00f1o."
    }
  ],
  "id": "CVE-2017-17432",
  "lastModified": "2024-11-21T03:17:55.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-06T00:29:00.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/883602"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://bugs.debian.org/883602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-02-19 01:00
Modified
2024-11-21 01:23
Severity ?
Summary
Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.
Impacted products
Vendor Product Version
openafs openafs 1.4.7
openafs openafs 1.4.12
openafs openafs 1.4.14



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F42FFC-9EA1-471C-8E5F-F8860BB2EA06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "77998ED3-15AE-4547-AAF3-596F4DC7C399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "722F4AB9-D515-4616-996E-37C2A6007AA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n (double free) en el proceso del servidor Rx en OpenAFS v1.4.14, v1.4.12, v1.4.7 y posiblemente otras versiones permite a atacantes remotos provocar una denegaci\u00f3n de servicio y ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-0430",
  "lastModified": "2024-11-21T01:23:57.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-19T01:00:03.057",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43407"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2168"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46428"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1025095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0410"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0411"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:33
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
Impacted products
Vendor Product Version
openafs openafs *
openafs openafs *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C6488BA-94B0-4DB7-B8E1-5FA4D9A0C4AF",
              "versionEndExcluding": "1.6.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8B3526-0EE1-42A8-940C-B8FE3768FECA",
              "versionEndExcluding": "1.8.5",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler."
    },
    {
      "lang": "es",
      "value": "OpenAFS versiones anteriores a 1.6.24 y versiones 1.8.x anteriores a 1.8.5, es propenso a una denegaci\u00f3n de servicio por acceso a datos no serializados porque los atacantes remotos pueden llevar a cabo una serie de llamadas RPC de VOTE_Debug para bloquear un servidor de base de datos dentro del manejador RPC de SVOTE_Debug."
    }
  ],
  "id": "CVE-2019-18601",
  "lastModified": "2024-11-21T04:33:20.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:19.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-003.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-29 19:15
Modified
2024-11-21 04:33
Summary
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
Impacted products
Vendor Product Version
openafs openafs *
openafs openafs *
debian debian_linux 8.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C6488BA-94B0-4DB7-B8E1-5FA4D9A0C4AF",
              "versionEndExcluding": "1.6.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8B3526-0EE1-42A8-940C-B8FE3768FECA",
              "versionEndExcluding": "1.8.5",
              "versionStartIncluding": "1.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer."
    },
    {
      "lang": "es",
      "value": "OpenAFS versiones anteriores a la versi\u00f3n 1.6.24 y versiones 1.8.x anteriores a 1.8.5, es propenso a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n porque los escalares no inicializados son enviados a trav\u00e9s de la red a un peer."
    }
  ],
  "id": "CVE-2019-18602",
  "lastModified": "2024-11-21T04:33:20.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:19.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://openafs.org/pages/security/OPENAFS-SA-2019-002.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}