Openafs Openafs 1.6.4

5 matches found

CVE
added 2015/11/06 9:59 p.m. | 51 views

CVE-2015-7763

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

CVSS 5 | AI score 6 | EPSS 0.00472

CVE
added 2014/04/14 3:9 p.m. | 48 views

CVE-2014-0159

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.

CVSS 5 | AI score 6.5 | EPSS 0.01389

CVE
added 2013/11/05 9:55 p.m. | 47 views

CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

CVSS 4.3 | AI score 6.4 | EPSS 0.00152

CVE
added 2014/04/14 3:9 p.m. | 46 views

CVE-2014-2852

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.

CVSS 5 | AI score 6.5 | EPSS 0.00474

CVE
added 2013/11/05 9:55 p.m. | 43 views

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 4.3 | AI score 6.1 | EPSS 0.00283