Lucene search

K
debianDebianDEBIAN:DLA-1982-1:4D594
HistoryNov 06, 2019 - 12:08 a.m.

[SECURITY] [DLA 1982-1] openafs security update

2019-11-0600:08:55
lists.debian.org
53

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

61.5%

Package : openafs
Version : 1.6.9-2+deb8u9
CVE ID : CVE-2019-18601 CVE-2019-18602 CVE-2019-18603
Debian Bug : 943587

Several security vulnerabilities were discovered in OpenAFS, a
distributed file system.

CVE-2019-18601

OpenAFS is prone to denial of service from unserialized data access
because remote attackers can make a series of VOTE_Debug RPC calls
to crash a database server within the SVOTE_Debug RPC handler.

CVE-2019-18602

OpenAFS is prone to an information disclosure vulnerability because
uninitialized scalars are sent over the network to a peer.

CVE-2019-18603

OpenAFS is prone to information leakage upon certain error
conditions because uninitialized RPC output variables are sent over
the network to a peer.

For Debian 8 "Jessie", these problems have been fixed in version
1.6.9-2+deb8u9.

We recommend that you upgrade your openafs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

61.5%