639 matches found
CVE-2014-2852
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet...
CVE-2014-2852
OpenAFS prior to 1.6.7 delays the listen thread when an RXS_CheckResponse fails, enabling a remote attacker to cause denial of service (performance degradation) via an invalid packet. Multiple connected sources corroborate this issue and its association with CVE-2014-2852, with remediation docume...
CVE-2014-0159
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument...
Scientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64 (20140411)
An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The GetStatistics64 remote procedure call (RPC) was introduced in OpenAFS 1.4.8 as part of the support for fileserver partitions larger than 2 TiB. The GetStatistics64 RPC is used by...
FreeBSD : openafs -- Denial of Service (c0c31b27-bff3-11e3-9d09-000c2980a9f3)
The OpenAFS development team reports: An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information. Clients are not affected...
Debian DSA-2899-1 : openafs - security update
Michael Meffie discovered that in OpenAFS, a distributed filesystem, an attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the fileserver, and potentially permitting the execution of arbitrary code. In addition, this update addresses a minor deni...
[SECURITY] [DSA 2899-1] openafs security update
Debian Security Advisory DSA-2899-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 09, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2899-1 (openafs - security update)
Michael Meffie discovered that in OpenAFS, a distributed filesystem, an attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the fileserver, and potentially permitting the execution of arbitrary code. In addition, this update addresses a minor deni...
openafs -- Denial of Service
The OpenAFS development team reports: An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server. The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information. Clients are not affected...
DSA-2899-1 openafs - security update
Bulletin has no description...
GLSA-201404-05 : OpenAFS: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact: An attacker could potentially execute arbitrary code wi...
Debian: Security Advisory (DSA-2899-1)
The remote host is missing an update for the Debian...
OpenAFS: Multiple vulnerabilities
Background: OpenAFS is a client-server program suite for federated file sharing and replicated content distribution. Description: Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact: An attacker could potentially execute...
CVE-2013-4135
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2013-4135
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
DEBIAN-CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
CVE-2013-4135
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...