ID DEBIAN:DLA-733-1:B1855
Type debian
Reporter Debian
Modified 2016-12-03T22:42:13
Description
Package : openafs
Version : 1.6.1-3+deb7u7
CVE ID : CVE-2016-9772

It was discovered that there was an information leak vulnerability in
openafs, a distributed filesystem.

Due to incomplete initialization or clearing of reused memory, OpenAFS
directory objects are likely to contain 'dead' directory entry
information.

For Debian 7 "Wheezy", this issue has been fixed in openafs version
1.6.1-3+deb7u7.

We recommend that you upgrade your openafs packages.

Regards,
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-