Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200801-04
HistoryJan 09, 2008 - 12:00 a.m.

OpenAFS: Denial of service

2008-01-0900:00:00
Gentoo Foundation
security.gentoo.org
10

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.078 Low

EPSS

Percentile

94.3%

JSON

Background

OpenAFS is a distributed network filesystem.

Description

Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists.

Impact

A remote attacker could construct cases which trigger the race condition, resulting in a server crash.

Workaround

There is no known workaround at this time.

Resolution

All OpenAFS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-fs/openafs< 1.4.6UNKNOWN

Related

openvas 4
prion 1
osv 1
nessus 4
nvd 1
cvelist 1
ubuntucve 1
cve 1
securityvulns 2
debian 2
debiancve 1
seebug 1
openvas
openvas
Debian Security Advisory DSA 1458-1 (openafs)
2008-01-31 00:00:00
Gentoo Security Advisory GLSA 200801-04 (openafs)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200801-04 (openafs)
2008-09-24 00:00:00
prion
prion
Race condition
2008-01-04 02:46:00
osv
osv
openafs
2008-01-10 00:00:00
nessus
nessus
GLSA-200801-04 : OpenAFS: Denial of Service
2008-01-10 00:00:00
Mandriva Linux Security Advisory : openafs (MDVSA-2008:207)
2009-04-23 00:00:00
Debian DSA-1458-1 : openafs - programming error
2008-01-14 00:00:00
nvd
nvd
CVE-2007-6599
2008-01-04 02:46:00
cvelist
cvelist
CVE-2007-6599
2008-01-04 02:00:00
ubuntucve
ubuntucve
CVE-2007-6599
2008-01-04 00:00:00
cve
cve
CVE-2007-6599
2008-01-04 02:46:00
securityvulns
securityvulns
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
2008-01-12 00:00:00
OpenAFS race conditions
2008-01-12 00:00:00
debian
debian
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
2008-01-10 20:47:39
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
2008-01-10 20:47:39
debiancve
debiancve
CVE-2007-6599
2008-01-04 02:46:00
seebug
seebug
OpenAFS文件服务器远程拒绝服务漏洞
2008-01-08 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.078 Low

EPSS

Percentile

94.3%

JSON
Related for GLSA-200801-04
openvas4prion1osv1nessus4nvd1cvelist1ubuntucve1cve1securityvulns2debian2debiancve1seebug1