FKIE_CVE-2014-0159

Vulnerability from fkie_nvd - Published: 2014-04-14 15:09 - Updated: 2025-04-12 10:46
Severity ?
Summary
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
References
secalert@redhat.comhttp://openafs.org/pages/security/OPENAFS-SA-2014-001.txtVendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/57779Permissions Required, Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/57832Permissions Required, Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-2899Third Party Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:244Broken Link
secalert@redhat.comhttp://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLogIssue Tracking, Release Notes
af854a3a-2127-422b-91ae-364da2661108http://openafs.org/pages/security/OPENAFS-SA-2014-001.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57779Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57832Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-2899Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2014:244Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLogIssue Tracking, Release Notes
Impacted products
Vendor Product Version
openafs openafs 1.4.8
openafs openafs 1.4.9
openafs openafs 1.4.10
openafs openafs 1.4.11
openafs openafs 1.4.12
openafs openafs 1.4.14
openafs openafs 1.4.14.1
openafs openafs 1.4.15
openafs openafs 1.6.0
openafs openafs 1.6.1
openafs openafs 1.6.2
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.6.4
openafs openafs 1.6.5
openafs openafs 1.6.5.1
openafs openafs 1.6.5.2
openafs openafs 1.6.6
debian debian_linux 7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D14A4C-D467-431A-A223-9383FD94EB12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E01F11-9AAD-45BA-87A0-F718933CBF98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED2A139B-2C74-420C-8730-0832D5536A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB522B81-9FD9-4A1F-A04D-FB319A0252ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "77998ED3-15AE-4547-AAF3-596F4DC7C399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "722F4AB9-D515-4616-996E-37C2A6007AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0798F6F7-6717-4BE1-9AF6-B15FB2A4D888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "997D6E5C-933D-4747-BD62-C66BC4E2B3E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A71A1B-DCDC-4E72-9C46-49919E4F372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7150CE0E-A1EC-41EB-AD71-5B6C87289EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EEFFEE0-C867-40F1-93F4-239EF1C6E2AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD16CAA-1DF0-4BFC-AB76-AD06329080D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC2FFCF-BC84-43FF-8162-C796D3E43317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47FED822-5D5F-4299-9E17-865F9ADDCB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED301E1-B19C-49D7-AF5D-20301BA53E60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA403EE6-31FB-47A3-BDBE-72A4277A4EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58385FBA-632C-49B4-8AD0-9B3585845955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openafs:openafs:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7D0515-EC70-4B4C-97BE-CA114CA34B2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en la llamada de procedimientos remotos (RPC) GetStatistics64 en OpenAFS 1.4.8 anterior a 1.6.7 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un argumento statsVersion manipulado."
    }
  ],
  "id": "CVE-2014-0159",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-14T15:09:05.990",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57779"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57832"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2899"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Release Notes"
      ],
      "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/57832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2014/dsa-2899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Release Notes"
      ],
      "url": "http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.