639 matches found
CVE-2015-8312
Off-by-one error in afspioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes...
CVE-2016-2860
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID...
CVE-2016-4536
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic...
IBM OpenAFS Memory Information Disclosure Vulnerability
IBM OpenAFS is a distributed file system that allows sharing of archives and resources between systems over LANs and WANs. A security vulnerability exists in IBM OpenAFS that allows a local attacker to exploit the vulnerability to gain access to plaintext stack data...
Debian: Security Advisory (DSA-3387-1)
The remote host is missing an update for the Debian...
Debian DSA-3569-1 : openafs - security update
Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-8312 Potential denial of service caused by a bug in the pioctl logic allowing a local user to overru...
[SECURITY] [DSA 3569-1] openafs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 05, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3569-1 (openafs - security update)
Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8312 Potential denial of service caused by a bug in the pioctl logic allowing a local user to overrun a...
DSA-3569-1 openafs - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3569-1)
The remote host is missing an update for the Debian...
IBM OpenAFS ptserver elevation of privilege vulnerability
IBM OpenAFS is a distributed file system from IBM in the United States that allows sharing of files and resources between systems over LANs and WANs. A security vulnerability exists in IBM OpenAFS versions prior to 1.6.17 in ptserver. An attacker could exploit the vulnerability to create arbitrar...
Mageia: Security Advisory (MGASA-2016-0121)
The remote host is missing an update for the...
MGASA-2016-0121 Updated openafs packages fix security vulnerability
In OpenAFS before 1.6.17, users from foreign Kerberos realms can create groups as if they were administrators (CVE-2016-2860). In OpenAFS before 1.6.17, information leakage over the network due to uninitialized memory (CVE-2016-4536)...
Updated openafs packages fix security vulnerability
In OpenAFS before 1.6.17, users from foreign Kerberos realms can create groups as if they were administrators (CVE-2016-2860). In OpenAFS before 1.6.17, information leakage over the network due to uninitialized memory (CVE-2016-4536)...
Scientific Linux Security Update : OpenAFS on SL5.x, SL6.x, SL7.x i386/x86_64 (20160317)
This release fixes the vulnerabilities tracked as OPENAFS-SA-2016-001 and OPENAFS-SA-2016-002. OPENAFS-SA-2016-001 (CVE-2016-2860): Users from foreign Kerberos realms can create groups as if they were administrators. OPENAFS-SA-2016-002: Information leakage over the network due to uninitialized...
openafs -- multiple vulnerabilities
The OpenAFS development team reports: Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace. The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, t...
openafs -- local DoS vulnerability
The OpenAFS development team reports: Avoid a potential denial of service issue, by fixing a bug in pioctl logic that allowed a local user to overrun a kernel buffer with a single NUL byte...
Debian DLA-342-1 : openafs security update
Several vulnerabilities have been found and solved in the distributed file system OpenAFS : CVE-2015-3282 vos leaked stack data clear on the wire when updating vldb entries. CVE-2015-3283 OpenAFS allowed remote attackers to spoof bos commands via unspecified vectors. CVE-2015-3285 pioctl wrongly...
[SECURITY] [DLA 342-1] openafs security update
Package : openafs Version : 1.4.12.1+dfsg-4+squeeze4 CVE ID : CVE-2015-3282 CVE-2015-3283 CVE-2015-3285 CVE-2015-6587 CVE-2015-7762 CVE-2015-7763 Several vulnerabilities have been found and solved in the distributed file system OpenAFS: CVE-2015-3282 vos leaked stack data clear on the wire when...