4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
A race condition in the OpenAFS fileserver allows remote attackers to
cause a denial of service (daemon crash) by simultaneously acquiring and
giving back file callbacks, which causes the handler for the
GiveUpAllCallBacks RPC to perform linked-list operations without the
host_glock lock.
For the old stable distribution (sarge), this problem has been fixed in
version 1.3.81-3sarge3.
For the stable distribution (etch), this problem has been fixed in
version 1.4.2-6etch1.
We recommend that you upgrade your openafs packages.
CPE | Name | Operator | Version |
---|---|---|---|
openafs | eq | 1.3.81-3sarge1 | |
openafs | eq | 1.3.81-3sarge2 |