639 matches found
CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...
CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...
Updated openafs packages fix security vulnerabilities
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762)...
MGASA-2015-0424 Updated openafs packages fix security vulnerabilities
Updated openafs packages fix security vulnerabilities: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762)...
Debian DSA-3387-1 : openafs - security update
John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets.
[SECURITY] [DSA 3387-1] openafs security update
Debian Security Advisory DSA-3387-1 (https://www.debian.org/security/), Florian Weimer, November 01, 2015 (https://www.debian.org/security/faq)...
DSA-3387-1 openafs - security update
Bulletin has no description...
Scientific Linux Security Update : openafs on SL5.x, SL6.x, SL7.x i386/x86_64 (20151021)
This release fixes the high impact security vulnerability named 'Tattletale'. The packet payload of Rx ACK packets is not fully initialized, leaking plaintext from packets previously processed.
FreeBSD : openafs -- information disclosure (017a493f-7db6-11e5-a762-14dae9d210b8)
The OpenAFS development team reports: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762). Additionally, OpenAFS...
openafs -- information disclosure
The OpenAFS development team reports: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762). Additionally, OpenAFS ...
Mageia: Security Advisory (MGASA-2015-0337)
The remote host is missing an update for the...
Gentoo Security Advisory GLSA 201404-05
Gentoo Linux Local Security Checks GLSA 201404-05...
Vulnerability in the OpenAFS file system that allows an attacker to cause a denial of service
The vulnerability in the OpenAFS file system is caused by a buffer overflow. A remote attacker can exploit it to cause a denial of service by using a specially crafted regular expression in a call to the VLListAttributesN2 remote procedure...
Updated openafs package fixes security vulnerabilities
Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use (CVE-2015-3282). The default use by bos of clear rather than...
MGASA-2015-0337 Updated openafs package fixes security vulnerabilities
Updated openafs packages fix security vulnerabilities: Memory allocated by vos for VLDB entry structures was not cleared prior to use, meaning stack data could be sent over the network, possibly in the clear if crypt mode was not in use (CVE-2015-3282). The default use by bos of clear rather than...
IBM OpenAFS vlserver Buffer Overflow Vulnerability
IBM OpenAFS is a distributed file system from IBM in the United States that allows sharing of files and resources between systems over LANs and WANs. A security vulnerability exists in the vlserver server of IBM OpenAFS 1.6.12 and earlier versions. A remote attacker can exploit this vulnerability to...
UBUNTU-CVE-2015-6587
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...
Out-of-bounds
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...
CVE-2015-6587
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VLListAttributesN2 RPC...