OpenAFS出错代码远程拒绝服务漏洞

BUGTRAQ ID: 34404 CVECAN ID: CVE-2009-1250 OpenAFS是一套开放源代码的分布式文件系统，允许系统之间通过局域和广域网来分享档案和资源。 OpenAFS客户端可能会使用一套将出错代码和指针合并为一个单个值的机制将从文件服务器获得的错误代码直接传送给Linux内核，但这套机制无法区分某些指针的出错代码。当AFS向内核返回这种类型的代码时，内核会将其处理为指针并试图引用。如果攻击者伪造了已有文件服务器的响应或诱骗用户访问了受控的文件服务器，就可以导致客户端崩溃。 OpenAFS OpenAFS 1.5.0 - 1.5.58 OpenAFS...

Heap overflow

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

CVE-2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

Null pointer dereference

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

DEBIAN-CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

CVE-2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

DEBIAN-CVE-2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

CVE-2009-1251

OpenAFS vulnerability CVE-2009-1251 affects the OpenAFS client cache manager on Unix. The issue is a heap-based bug related to XDR arrays (and ERR_PTR usage) in the cache manager, allowing remote attackers to crash the kernel and potentially execute arbitrary code or cause a denial of service. Af...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

CVE-2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via an RX response containing more data than specified in a...

Mandriva Update for openafs MDVA-2008:006 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDVA-2008:006 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Mandriva Update for openafs MDKA-2007:124 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDKA-2007:124 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Mandriva Update for openafs MDVA-2008:006-1 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDVA-2008:006-1 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Mandriva Update for openafs MDVA-2008:166 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDVA-2008:166 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Mandriva Update for openafs MDVSA-2008:207 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDVSA-2008:207 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for openafs MDKSA-2007:066 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDKSA-2007:066 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Mandriva Update for openafs MDVA-2008:006 (openafs)

Check for the Version of openafs OpenVAS Vulnerability Test Mandriva Update for openafs MDVA-2008:006 openafs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...