CVE-2018-16947
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller butc process accepts incoming RPCs but does not require or allow for authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, includin...
CVE-2018-16949
OpenAFS contains a vulnerability (CVE-2018-16949) where several RPC input variables are defined as unbounded arrays, only limited by the 4 GB length field. An unauthenticated attacker could send large inputs to exhaust server resources and cause denial of service. Affected versions are OpenAFS be...
CVE-2018-16947
OpenAFS has a concrete vulnerability set: CVE-2018-16947 affects OpenAFS before 1.6.23 and 1.8.x before 1.8.2, where the backup tape controller (butc) RPCs are not authenticated, enabling an unauthenticated attacker to perform volume operations with administrator credentials (e.g., dumping/restor...
CVE-2018-16948
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSC...
CVE-2018-16949
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values...
MGASA-2018-0065 Updated openafs packages fixes security vulnerability
This update provides an update to openafs 1.6.22, fixing the following security issue: It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS (CVE-2017-17432). It also adds support for 4.14 series kernels...
Updated openafs packages fixes security vulnerability
This update provides an update to openafs 1.6.22, fixing the following security issue: It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS (CVE-2017-17432). It also adds support for 4.14 series kernels...
Debian DLA-1213-1 : openafs security update
CVE-2017-17432 It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. For Debian 7 'Wheezy', these problems have been fixed in version 1.6.1-3+deb7u8. We recommend that you upgrade your openafs...
[SECURITY] [DLA 1213-1] openafs security update
Package : openafs Version : 1.6.1-3+deb7u8 CVE ID : CVE-2017-17432 CVE-2017-17432 It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. For Debian 7 "Wheezy", these problems have been fixed in...
DLA-1213-1 openafs - security update
Bulletin has no description...
Debian DSA-4067-1 : openafs - security update
It was discovered that malformed jumbogram packets could result in denial of service against OpenAFS, an implementation of the Andrew distributed file system. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
[SECURITY] [DSA 4067-1] openafs security update
Debian Security Advisory DSA-4067-1 https://www.debian.org/security/ Moritz Muehlenhoff December 17, 2017 https://www.debian.org/security/faq ...
DSA-4067-1 openafs - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4067-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Scientific Linux Security Update : Openafs Security Update on SL6.x, SL7.x i386/x86_64 (20171206)
-- Security Fixes : - Certain values transmitted in RX ACK packets were not sanity checked by OpenAFS receiving peers, which could lead to an assertion being triggered during construction of outgoing packets on the same connection, resulting in server process crashes or client kernel panics...
CVE-2017-17432
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value...
Integer overflow
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value...