OpenAFS: Arbitrary code execution

Background OpenAFS is a distributed file system. Description Two vulnerabilities were discovered: Simon Wilkinson discovered from a bug report by Toby Blake that the cache manager of OpenAFS contains a heap-based buffer overflow which is related to the use of the ERRPTR macro CVE-2009-1250. A...

Mandriva Security Advisory MDVSA-2009:099-1 (openafs)

The remote host is missing an update to openafs announced via advisory MDVSA-2009:099-1. OpenVAS Vulnerability Test $Id: mdksa20090991.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:099-1 openafs Authors: Thomas Reinke Copyright: Copyright c 2009...

Mandriva Security Advisory MDVSA-2009:099-1 (openafs)

The remote host is missing an update to openafs announced via advisory MDVSA-2009:099-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandrake Security Advisory MDVSA-2009:099 (openafs)

The remote host is missing an update to openafs announced via advisory MDVSA-2009:099. OpenVAS Vulnerability Test $Id: mdksa2009099.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:099 openafs Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

Mandrake Security Advisory MDVSA-2009:099 (openafs)

The remote host is missing an update to openafs announced via advisory MDVSA-2009:099. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandriva Linux Security Advisory : openafs (MDVSA-2009:099-1)

Multiple vulnerabilities has been found and corrected in openafs : The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted ...

MDKA-2007:124 : openafs

This update addresses the following bugs in the openafs package: The openafs kernel module does not work on the x8664 platform, triggering a kernel oops as soon as it is loaded. The openafs package was compiled with wrong gcc 4.2 compiler optimisations which prevented it from listing directory...

MDVA-2008:166 : openafs

Openafs 1.4.7, included in Mandriva Linux 2009.0, doesn't support kernels = 2.6.26. As a result, the dkms module doesn't build because of interface changes. This update corrects the problem. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently ...

MDVA-2008:006 : openafs

The previous openafs update MDKA-2007:124 was released to correct gcc compiler optimisations, however it only corrected the problem on 32bit platforms. This update fixes it for both 32bit and 64bit architectures. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated...

MDVA-2008:006-1 : openafs

The previous openafs update MDKA-2007:124 was released to correct gcc compiler optimisations, however it only corrected the problem on 32bit platforms. This update fixes it for both 32bit and 64bit architectures. Update: The previous update did not completely correct the problem in all cases. It...

Mandriva Linux Security Advisory : openafs (MDVSA-2008:207)

A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks CVE-2007-6599. The updated packages have been patched to prevent this issue. %NASLMINLEVEL 70300 C Tenable Network Securit...

Debian Security Advisory DSA 1768-1 (openafs)

The remote host is missing an update to openafs announced via advisory DSA 1768-1. OpenVAS Vulnerability Test $Id: deb17681.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1768-1 openafs Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian: Security Advisory (DSA-1768-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenAFS multiple security vulnerabilities

DoS, buffer overflow...

[SECURITY] [DSA 1768-1] New openafs packages potential code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1768-1 [email protected] http://www.debian.org/security/ Florian Weimer April 10, 2009 http://www.debian.org/security/faq -...

Debian DSA-1768-1 : openafs - several vulnerabilities

Two vulnerabilities were discovered in the client part of OpenAFS, a distributed file system. - CVE-2009-1251 An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a vulnerability in XDR array...

[Backports-security-announce] Security Update for openafs

Russ Allbery uploaded new packages for openafs a distributed file system which fixed the following security problems: CVE-2009-1251 An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a...

[Backports-security-announce] Security Update for openafs

Russ Allbery uploaded new packages for openafs a distributed file system which fixed the following security problems: CVE-2009-1251 An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a...

[SECURITY] [DSA 1768-1] New openafs packages potential code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1768-1 [email protected] http://www.debian.org/security/ Florian Weimer April 10, 2009 http://www.debian.org/security/faq -...

OpenAFS出错代码远程拒绝服务漏洞

BUGTRAQ ID: 34404 CVECAN ID: CVE-2009-1250 OpenAFS是一套开放源代码的分布式文件系统，允许系统之间通过局域和广域网来分享档案和资源。 OpenAFS客户端可能会使用一套将出错代码和指针合并为一个单个值的机制将从文件服务器获得的错误代码直接传送给Linux内核，但这套机制无法区分某些指针的出错代码。当AFS向内核返回这种类型的代码时，内核会将其处理为指针并试图引用。如果攻击者伪造了已有文件服务器的响应或诱骗用户访问了受控的文件服务器，就可以导致客户端崩溃。 OpenAFS OpenAFS 1.5.0 - 1.5.58 OpenAFS...