Summary
| Detail | |||
|---|---|---|---|
| Vendor | Openafs | First view | 2003-03-25 |
| Product | Openafs | Last view | 2019-10-29 |
| Version | 1.3.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:openafs:openafs | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.9 | 2019-10-29 | CVE-2019-18603 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. |
| 7.5 | 2019-10-29 | CVE-2019-18602 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. |
| 7.5 | 2019-10-29 | CVE-2019-18601 | OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. |
| 7.5 | 2018-09-11 | CVE-2018-16949 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. |
| 7.5 | 2018-09-11 | CVE-2018-16948 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. |
| 9.8 | 2018-09-11 | CVE-2018-16947 | An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data. |
| 7.5 | 2017-12-05 | CVE-2017-17432 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. |
| 5.3 | 2017-02-06 | CVE-2016-9772 | OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. |
| 5.3 | 2016-05-13 | CVE-2016-4536 | The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. |
| 6.5 | 2016-05-13 | CVE-2016-2860 | The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. |
| 7.8 | 2016-05-13 | CVE-2015-8312 | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. |
| 5 | 2015-11-06 | CVE-2015-7762 | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. |
| 4 | 2015-09-02 | CVE-2015-6587 | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. |
| 4.6 | 2015-08-12 | CVE-2015-3286 | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG. |
| 2.1 | 2015-08-12 | CVE-2015-3285 | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command. |
| 2.1 | 2015-08-12 | CVE-2015-3284 | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. |
| 6.8 | 2015-08-12 | CVE-2015-3283 | OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. |
| 4.3 | 2015-08-12 | CVE-2015-3282 | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. |
| 5 | 2014-04-14 | CVE-2014-2852 | OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet. |
| 4.3 | 2013-11-05 | CVE-2013-4134 | OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. |
| 5 | 2013-03-13 | CVE-2013-1795 | Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. |
| 6.5 | 2013-03-13 | CVE-2013-1794 | Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry. |
| 10 | 2009-04-08 | CVE-2009-1251 | Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays. |
| 7.8 | 2009-04-08 | CVE-2009-1250 | The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro. |
| 4.3 | 2008-01-03 | CVE-2007-6599 | Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 26% (6) | CWE-200 | Information Exposure |
| 21% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13% (3) | CWE-189 | Numeric Errors |
| 4% (1) | CWE-617 | Reachable Assertion |
| 4% (1) | CWE-502 | Deserialization of Untrusted Data |
| 4% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 4% (1) | CWE-362 | Race Condition |
| 4% (1) | CWE-310 | Cryptographic Issues |
| 4% (1) | CWE-287 | Improper Authentication |
| 4% (1) | CWE-284 | Access Control (Authorization) Issues |
| 4% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 4% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 55274 | OpenAFS Client on Unix Cache Manager RX Response Handling Remote Overflow |
| 55273 | OpenAFS Client on Linux Cache Manager RX Response Handling Remote DoS |
| 39864 | OpenAFS fileserver GiveUpAllCallBacks DoS |
| 4501 | RPC XDR xdrmem_getbytes() Function Remote Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-05 (OpenAFS) File : nvt/glsa_201101_05.nasl |
| 2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:099-1 (openafs) File : nvt/mdksa_2009_099_1.nasl |
| 2009-05-05 | Name : Mandrake Security Advisory MDVSA-2009:099 (openafs) File : nvt/mdksa_2009_099.nasl |
| 2009-04-15 | Name : Debian Security Advisory DSA 1768-1 (openafs) File : nvt/deb_1768_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-04 (openafs) File : nvt/glsa_200801_04.nasl |
| 2008-01-31 | Name : Debian Security Advisory DSA 1458-1 (openafs) File : nvt/deb_1458_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 266-1 (krb5) File : nvt/deb_266_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 272-1 (dietlibc) File : nvt/deb_272_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 282-1 (glibc) File : nvt/deb_282_1.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093-community - Type : PROTOCOL-RPC - Revision : 13 |
| 2014-01-10 | portmap proxy integer overflow attempt TCP RuleID : 2093 - Type : PROTOCOL-RPC - Revision : 13 |
| 2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092-community - Type : PROTOCOL-RPC - Revision : 14 |
| 2014-01-10 | portmap proxy integer overflow attempt UDP RuleID : 2092 - Type : PROTOCOL-RPC - Revision : 14 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-09-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4302.nasl - Type: ACT_GATHER_INFO |
| 2018-09-24 | Name: The remote Debian host is missing a security update. File: debian_DLA-1513.nasl - Type: ACT_GATHER_INFO |
| 2017-12-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1213.nasl - Type: ACT_GATHER_INFO |
| 2017-12-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4067.nasl - Type: ACT_GATHER_INFO |
| 2016-12-05 | Name: The remote Debian host is missing a security update. File: debian_DLA-733.nasl - Type: ACT_GATHER_INFO |
| 2016-06-06 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_2e8fe57e2b4611e6ae88002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-06-06 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_bcbd3fe02b4611e6ae88002590263bf5.nasl - Type: ACT_GATHER_INFO |
| 2016-05-31 | Name: The remote Debian host is missing a security update. File: debian_DLA-493.nasl - Type: ACT_GATHER_INFO |
| 2016-05-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3569.nasl - Type: ACT_GATHER_INFO |
| 2016-03-18 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20160317_OpenAFS_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2015-11-19 | Name: The remote Debian host is missing a security update. File: debian_DLA-342.nasl - Type: ACT_GATHER_INFO |
| 2015-11-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3387.nasl - Type: ACT_GATHER_INFO |
| 2015-10-30 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20151021_openafs_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2015-10-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_017a493f7db611e5a76214dae9d210b8.nasl - Type: ACT_GATHER_INFO |
| 2015-07-31 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20150730_openafs_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2015-07-31 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3320.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2014-244.nasl - Type: ACT_GATHER_INFO |
| 2014-04-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2899.nasl - Type: ACT_GATHER_INFO |
| 2014-04-08 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201404-05.nasl - Type: ACT_GATHER_INFO |
| 2013-07-30 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2729.nasl - Type: ACT_GATHER_INFO |
| 2013-07-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_c4d412c8f4d111e2b86c000c295229d5.nasl - Type: ACT_GATHER_INFO |
| 2013-07-26 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20130724_openafs_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2013-06-03 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_0bf376b7cc6b11e2a42414dae938ec40.nasl - Type: ACT_GATHER_INFO |
| 2013-03-05 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20130304_openafs_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2013-03-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2638.nasl - Type: ACT_GATHER_INFO |
