639 matches found
CVE-2024-10394 Theft of credentials in Unix client PAGs
A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG...
OpenAFS 缓冲区错误漏洞
OpenAFS is an OpenAFS open source set of distributed file systems. It allows files and resources to be shared between systems over LANs and WANs. OpenAFS suffers from a buffer error vulnerability that originates from a malicious server that could crash the cache manager and other client utilities...
PT-2024-16242 · Openafs +1 · Openafs +1
Name of the Vulnerable Software and Affected Versions: OpenAFS affected versions not specified Description: A local user can bypass the OpenAFS PAG Process Authentication Group throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining...
PT-2024-16244 · Openafs +1 · Openafs +1
Name of the Vulnerable Software and Affected Versions: OpenAFS affected versions not specified Description: A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. Recommendations: At the moment, there is no information about a newer...
OpenAFS 安全漏洞
OpenAFS is an OpenAFS open source set of distributed file systems. It allows files and resources to be shared between systems over LANs and WANs. A security vulnerability exists in OpenAFS, which stems from the fact that an authenticated user can provide an incorrectly formatted ACL to a file...
OESA-2024-1737 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...
OESA-2024-1738 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...
OPENSUSE-SU-2024:11113-1 openafs-1.8.8-1.13 on GA media
These are all security issues fixed in the openafs-1.8.8-1.13 package on the GA media of openSUSE Tumbleweed...
CVE-2021-47366
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...
CVE-2021-47366
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...
CVE-2021-47366
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...
CVE-2021-47366 afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...
CVE-2021-47366 afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server
In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...
CVE-2021-47366
Summary (CVE-2021-47366) : In the Linux kernel AFS client vulnerability, reads from an OpenAFS server could be corrupted when file positions or read lengths exceeded 2G, due to switching between FS.FetchData (signed 32-bit pos/len) and FS.FetchData64. The fix captures file server capabilities via...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a corruption when reading fpos 2G-4G from an OpenAFS server...
Debian: Security Advisory (DLA-733-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-342-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-493-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1213-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...