Lucene search
HistoryNov 06, 2015 - 9:59 p.m.
CVE-2015-7762
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.007
Percentile
80.2%
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Affected configurations
Node
openafsopenafsRange≤1.6.14.1
ORopenafsopenafsMatch1.7.1
ORopenafsopenafsMatch1.7.2
ORopenafsopenafsMatch1.7.3
ORopenafsopenafsMatch1.7.4
ORopenafsopenafsMatch1.7.8
ORopenafsopenafsMatch1.7.10
ORopenafsopenafsMatch1.7.11
ORopenafsopenafsMatch1.7.12
ORopenafsopenafsMatch1.7.13
ORopenafsopenafsMatch1.7.14
ORopenafsopenafsMatch1.7.15
ORopenafsopenafsMatch1.7.16
ORopenafsopenafsMatch1.7.17
ORopenafsopenafsMatch1.7.18
ORopenafsopenafsMatch1.7.19
ORopenafsopenafsMatch1.7.20
ORopenafsopenafsMatch1.7.21
ORopenafsopenafsMatch1.7.22
ORopenafsopenafsMatch1.7.23
ORopenafsopenafsMatch1.7.24
ORopenafsopenafsMatch1.7.25
ORopenafsopenafsMatch1.7.26
ORopenafsopenafsMatch1.7.27
ORopenafsopenafsMatch1.7.28
ORopenafsopenafsMatch1.7.29
ORopenafsopenafsMatch1.7.30
ORopenafsopenafsMatch1.7.31
Node
debiandebian_linuxMatch7.0
ORdebiandebian_linuxMatch8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openafs | openafs | * | cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.1 | cpe:2.3:a:openafs:openafs:1.7.1:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.2 | cpe:2.3:a:openafs:openafs:1.7.2:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.3 | cpe:2.3:a:openafs:openafs:1.7.3:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.4 | cpe:2.3:a:openafs:openafs:1.7.4:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.8 | cpe:2.3:a:openafs:openafs:1.7.8:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.10 | cpe:2.3:a:openafs:openafs:1.7.10:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.11 | cpe:2.3:a:openafs:openafs:1.7.11:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.12 | cpe:2.3:a:openafs:openafs:1.7.12:*:*:*:*:*:*:* |
| openafs | openafs | 1.7.13 | cpe:2.3:a:openafs:openafs:1.7.13:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2015-11-06 21:59:00
debiancve
debiancve
CVE-2015-7762
2015-11-06 21:59:09
cve
cve
CVE-2015-7762
2015-11-06 21:59:09
cvelist
cvelist
CVE-2015-7762
2015-11-06 21:00:00
ubuntucve
ubuntucve
CVE-2015-7762
2015-11-06 00:00:00
debian
debian
[SECURITY] [DSA 3387-1] openafs security update
2015-11-01 21:36:42
[SECURITY] [DLA 342-1] openafs security update
2015-11-18 08:30:32
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0424)
2015-11-08 00:00:00
OpenAFS Multiple Information Disclosure Vulnerabilities - Windows
2016-06-08 00:00:00
Debian Security Advisory DSA 3387-1 (openafs - security update)
2016-05-06 00:00:00
nessus
nessus
Debian DSA-3387-1 : openafs - security update
2015-11-02 00:00:00
freebsd
freebsd
openafs -- information disclosure
2015-10-28 00:00:00
mageia
mageia
Updated openafs packages fix security vulnerabilities
2015-11-02 23:21:29
osv
osv
openafs - security update
2015-11-18 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.007
Percentile
80.2%
Related for NVD:CVE-2015-7762