639 matches found
OpenAFS race conditions
Race conditions on acquiring and giving back file callbacks...
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1458-1 [email protected] http://www.debian.org/security/ Noah Meyerhans January 10, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
------------------------------------------------------------------------ Debian Security Advisory DSA-1458-1 [email protected] http://www.debian.org/security/ Noah Meyerhans January 10, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability
------------------------------------------------------------------------ Debian Security Advisory DSA-1458-1 [email protected] http://www.debian.org/security/ Noah Meyerhans January 10, 2008 http://www.debian.org/security/faq -...
DSA-1458-1 openafs
Bulletin has no description...
GLSA-200801-04 : OpenAFS: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200801-04 OpenAFS: Denial of Service Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists. Impact : A remote attacker could construct case...
OpenAFS: Denial of service
Background OpenAFS is a distributed network filesystem. Description Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists. Impact A remote attacker could construct cases which trigger the race condition,...
OpenAFS文件服务器远程拒绝服务漏洞
BUGTRAQ ID: 27132 CVECAN ID: CVE-2007-6599 OpenAFS是一套开放源代码的分布式文件系统,允许系统之间通过局域和广域网来分享档案和资源。 OpenAFS的文件服务器中存在竞争条件错误,远程攻击者可能利用此漏洞导致程序崩溃。 如果远程攻击者同时请求并返回文件回调的话,GiveUpAllCallBacks RPC的处理器就会未经hostglock锁定便执行链表操作,导致守护程序崩溃。 OpenAFS OpenAFS 1.5.0 - 1.5.27 OpenAFS OpenAFS 1.3.50 - 1.4.5 OpenAFS -------...
CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
Race condition
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
DEBIAN-CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
CVE-2007-6599
CVE-2007-6599 describes a race condition in the OpenAFS fileserver that can cause a remote daemon crash (DoS) when file callbacks are acquired and returned concurrently, triggering linked-list operations without host_glock locking. Affected versions range from OpenAFS 1.3.40/1.3.50? through 1.4.5...
CVE-2007-6599
Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service daemon crash by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list...
OpenAFS for Microsoft Windows本地拒绝服务漏洞
OpenAFS是一套开放源代码的分布式文件系统。 Windows平台下的OpenAFS存在设计错误,本地攻击者可以利用漏洞对系统进行拒绝服务攻击。 Windows平台下的OpenAFS安装一个网络提供模块afslogon.dll,此模块由Windows Logon服务装载,当MIT Kerberos For windows安装时,afslogon.dll会尝试对Kerberos v5库执行操作。成功使用Kerberos v5库需要有能力建立一个krb5context。在Kerberos...
GLSA-200704-03 : OpenAFS: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200704-03 OpenAFS: Privilege escalation Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user...
OpenAFS: Privilege escalation
Background OpenAFS is a distributed network filesystem. Description Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user. Impact If setuid is enabled on the clien...
Mandrake Linux Security Advisory : openafs (MDKSA-2007:066)
By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges. Updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...