Command injection
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
Design/Logic Flaw
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
CVE-2013-4135
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key...
CVE-2013-4135
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2013-4135
CVE-2013-4135 affects OpenAFS 1.6.x before 1.6.5: when using the -encrypt option, the vos command only provides integrity protection and transmits data in cleartext, enabling potential network sniffing of sensitive information. Public advisories consistently reference this as part of OpenAF...
CVE-2013-4134
OpenAFS is affected by CVE-2013-4134 due to weak DES encryption for Kerberos keys. Affected versions: OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26. Impact: remote attackers could obtain the service key. Remediation: upgrade to the fixed versions (OpenAFS 1.4.15+, 1.6.5+, or ...
Debian DSA-2729-1 : openafs - several vulnerabilities
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...
[SECURITY] [DSA 2729-1] openafs security update
Debian Security Advisory DSA-2729-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 28, 2013 http://www.debian.org/security/faq ...
OpenAFS security vulnerabilities
Weak encryption algorithm...
[SECURITY] [DSA 2729-1] openafs security update
Debian Security Advisory DSA-2729-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 28, 2013 http://www.debian.org/security/faq ...
Debian Security Advisory DSA 2729-1 (openafs - several vulnerabilities)
OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003 In addition the...
DSA-2729-1 openafs - several
Bulletin has no description...
Debian: Security Advisory (DSA-2729-1)
The remote host is missing an update for the Debian...
FreeBSD : openafs -- single-DES cell-wide key brute-force vulnerability (c4d412c8-f4d1-11e2-b86c-000c295229d5)
OpenAFS Project reports: The small size of the DES key space permits an attacker to brute force a cell's service key and then forge traffic from any user within the cell. The key space search can be performed in under 1 day at a cost of around $100 using publicly available services...
Scientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64 (20130724)
OpenAFS uses Kerberos tickets to secure network traffic. For historical reasons, it has only supported the DES encryption algorithm to encrypt these tickets. The weakness of DES's 56 bit key space has long been known, however it has recently become possible to use that weakness to cheaply around...
openafs -- single-DES cell-wide key brute force vulnerability
OpenAFS Project reports: The small size of the DES key space permits an attacker to brute force a cell's service key and then forge traffic from any user within the cell. The key space search can be performed in under 1 day at a cost of around $100 using publicly available services...
FreeBSD : net/openafs -- buffer overflow (0bf376b7-cc6b-11e2-a424-14dae938ec40)
Nickolai Zeldovich reports: An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server...
DEBIAN-CVE-2013-1795
Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow...