5 matches found
[SECURITY] [DLA 342-1] openafs security update
Package: openafs; Version: 1.4.12.1+dfsg-4+squeeze4; CVE ID: CVE-2015-3282 CVE-2015-3283 CVE-2015-3285 CVE-2015-6587 CVE-2015-7762 CVE-2015-7763. Several vulnerabilities have been found and solved in the distributed file system OpenAFS: CVE-2015-3282: vos leaked stack data clear on the wire when...
CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network...
CVE-2015-7763
CVE-2015-7763 affects OpenAFS: RX ACK padding not initialized in OpenAFS 1.5.75–1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33, enabling remote replay or network sniffing to obtain plaintext data. Impact is partial confidentiality with network attack vector. Affected components: rx/rx.c in ...
[SECURITY] [DSA 3387-1] openafs security update
Debian Security Advisory DSA-3387-1 [email protected] https://www.debian.org/security/ Florian Weimer November 01, 2015 https://www.debian.org/security/faq ...
FreeBSD : openafs -- information disclosure (017a493f-7db6-11e5-a762-14dae9d210b8)
The OpenAFS development team reports: When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762). Additionally, OpenAFS...