MidnightBSD

Advisories for openafs

CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.2.2
sgi irix 6.5.4m
hp hp-ux_series_800 10.20
hp hp-ux 11.20
openafs openafs 1.0.1
sgi irix 6.5.15f
openafs openafs 1.0
sgi irix 6.5.7
sgi irix 6.5.2m
mit kerberos_5 1.2.4
sgi irix 6.5.13m
openbsd openbsd 2.5
openbsd openbsd 2.8
freebsd freebsd 4.4
hp hp-ux 11.11
sgi irix 6.5.14
cray unicos 8.3
sun solaris 7.0
sun solaris 2.6
openafs openafs 1.1.1
ibm aix 4.3.3
sgi irix 6.5.13f
hp hp-ux_series_700 10.20
openafs openafs 1.2.3
sun solaris 2.5.1
openafs openafs 1.2.2a
openafs openafs 1.0.4
mit kerberos_5 1.2.5
sgi irix 6.5.12m
sun sunos 5.5.1
sgi irix 6.5.6m
cray unicos 6.0
openbsd openbsd 3.2
hp hp-ux 10.20
freebsd freebsd 4.6
openafs openafs 1.0.2
sgi irix 6.5.5m
sgi irix 6.5.12
sgi irix 6.5.2f
sgi irix 6.5.3
freebsd freebsd 4.2
sgi irix 6.5.7m
openbsd openbsd 2.7
sgi irix 6.5.17f
openbsd openbsd 2.6
freebsd freebsd 4.5
sgi irix 6.5.8f
sgi irix 6.5.15
freebsd freebsd 4.0
openbsd openbsd 3.1
gnu glibc 2.2.5
openafs openafs 1.0.3
ibm aix 5.2
openafs openafs 1.2.2
gnu glibc 2.2
cray unicos 9.2.4
sgi irix 6.5.16
sgi irix 6.5.8m
sun solaris 8.0
sun sunos 5.8
openbsd openbsd 2.2
sgi irix 6.5.9
mit kerberos_5 1.2.7
sgi irix 6.5.17m
sgi irix 6.5.3f
mit kerberos_5 1.2.6
openafs openafs 1.3.2
sgi irix 6.5.14f
openafs openafs 1.2.6
sgi irix 6.5.6f
sgi irix 6.5.18f
openafs openafs 1.3
sgi irix 6.5.7f
cray unicos 7.0
openafs openafs 1.2.1
openafs openafs 1.2
sgi irix 6.5.4f
cray unicos 9.0
freebsd freebsd 4.6.2
sgi irix 6.5.1
sgi irix 6.5.20
sgi irix 6.5.16f
gnu glibc 2.3.2
sgi irix 6.5.4
freebsd freebsd 5.0
sgi irix 6.5.9f
sgi irix 6.5.16m
sun sunos -
sgi irix 6.5.5f
hp hp-ux 11.04
cray unicos 6.1
sgi irix 6.5.13
gnu glibc 2.2.3
sgi irix 6.5.14m
sun solaris 9.0
openafs openafs 1.1.1a
freebsd freebsd 4.1
sgi irix 6.5.19
ibm aix 5.1
cray unicos 8.0
sgi irix 6.5.11
sgi irix 6.5
sgi irix 6.5.18m
sgi irix 6.5.11m
openafs openafs 1.2.4
sun sunos 5.7
gnu glibc 2.1.2
cray unicos 9.2
gnu glibc 2.1.3
openbsd openbsd 2.9
sgi irix 6.5.17
freebsd freebsd 4.7
openbsd openbsd 3.0
mit kerberos_5 1.2.2
sgi irix 6.5.3m
mit kerberos_5 1.2
sgi irix 6.5.8
hp hp-ux 10.24
gnu glibc 2.2.4
cray unicos 9.0.2.5
hp hp-ux 11.22
hp hp-ux 11.00
mit kerberos_5 1.2.3
sgi irix 6.5.18
openafs openafs 1.2.5
gnu glibc 2.3.1
openbsd openbsd 2.1
gnu glibc 2.1
sgi irix 6.5.10f
sgi irix 6.5.15m
sgi irix 6.5.9m
sgi irix 6.5.2
gnu glibc 2.3
cray unicos 6.0e
sgi irix 6.5.6
gnu glibc 2.2.1
freebsd freebsd 4.1.1
openafs openafs 1.1
openbsd openbsd 2.0
openbsd openbsd 2.4
openbsd openbsd 2.3
openafs openafs 1.0.4a
mit kerberos_5 1.2.1
gnu glibc 2.1.1
openafs openafs 1.2.2b
openafs openafs 1.3.1
freebsd freebsd 4.3
sgi irix 6.5.10m
sgi irix 6.5.10
sgi irix 6.5.5
sgi irix 6.5.11f
sgi irix 6.5.12f
CVE-2011-0430 HIGH

Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openafs openafs 1.4.12
openafs openafs 1.4.7
openafs openafs 1.4.14
CVE-2011-0431 MEDIUM

The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openafs openafs 1.4.12
openafs openafs 1.4.7
openafs openafs 1.4.14
CVE-2013-1794 MEDIUM

Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openafs openafs 1.5.68
openafs openafs 1.5.21
openafs openafs 1.5.18
openafs openafs 1.5.25
openafs openafs 1.5.63
openafs openafs 1.5.34
openafs openafs 1.5.61
openafs openafs 1.5.39
openafs openafs 1.5.12
openafs openafs 1.5.13
openafs openafs 1.5.37
openafs openafs 1.5.16
openafs openafs 1.5.71
openafs openafs 1.6.0
openafs openafs 1.5.17
openafs openafs 1.5.20
openafs openafs 1.5.53
openafs openafs 1.5.19
openafs openafs 1.5.10
openafs openafs 1.5.23
openafs openafs 1.5.24
openafs openafs 1.5.54
openafs openafs 1.5.77
openafs openafs 1.5.51
openafs openafs 1.5.76
openafs openafs 1.5.58
openafs openafs 1.5.26
openafs openafs 1.5.73
openafs openafs 1.5.33
openafs openafs 1.5.57
openafs openafs 1.5.69
openafs openafs 1.5.60
openafs openafs 1.5.75
openafs openafs 1.5.30
openafs openafs 1.5.14
openafs openafs 1.5.52
openafs openafs 1.5.62
openafs openafs 1.5.22
openafs openafs 1.5.78
openafs openafs *
openafs openafs 1.5.64
openafs openafs 1.5.50
openafs openafs 1.5.67
openafs openafs 1.5.66
openafs openafs 1.5.56
openafs openafs 1.5.27
openafs openafs 1.5.59
openafs openafs 1.5.70
openafs openafs 1.5.31
openafs openafs 1.5.28
openafs openafs 1.5.72
openafs openafs 1.5.29
openafs openafs 1.5.55
openafs openafs 1.5.38
openafs openafs 1.5.65
openafs openafs 1.5.32
openafs openafs 1.5.11
openafs openafs 1.5.15
openafs openafs 1.5.36
openafs openafs 1.5.74
openafs openafs 1.5.35
CVE-2013-1795 MEDIUM

Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openafs openafs 1.5.68
openafs openafs 1.5.21
openafs openafs 1.5.18
openafs openafs 1.5.25
openafs openafs 1.5.63
openafs openafs 1.5.34
openafs openafs 1.5.61
openafs openafs 1.5.39
openafs openafs 1.5.12
openafs openafs 1.5.13
openafs openafs 1.5.37
openafs openafs 1.5.16
openafs openafs 1.5.71
openafs openafs 1.6.0
openafs openafs 1.5.17
openafs openafs 1.5.20
openafs openafs 1.5.53
openafs openafs 1.5.19
openafs openafs 1.5.10
openafs openafs 1.5.23
openafs openafs 1.5.24
openafs openafs 1.5.54
openafs openafs 1.5.77
openafs openafs 1.5.51
openafs openafs 1.5.76
openafs openafs 1.5.58
openafs openafs 1.5.26
openafs openafs 1.5.73
openafs openafs 1.5.33
openafs openafs 1.5.57
openafs openafs 1.5.69
openafs openafs 1.5.60
openafs openafs 1.5.75
openafs openafs 1.5.30
openafs openafs 1.5.14
openafs openafs 1.5.52
openafs openafs 1.5.62
openafs openafs 1.5.22
openafs openafs 1.5.78
openafs openafs *
openafs openafs 1.5.64
openafs openafs 1.5.50
openafs openafs 1.5.67
openafs openafs 1.5.66
openafs openafs 1.5.56
openafs openafs 1.5.27
openafs openafs 1.5.59
openafs openafs 1.5.70
openafs openafs 1.5.31
openafs openafs 1.5.28
openafs openafs 1.5.72
openafs openafs 1.5.29
openafs openafs 1.5.55
openafs openafs 1.5.38
openafs openafs 1.5.65
openafs openafs 1.5.32
openafs openafs 1.5.11
openafs openafs 1.5.15
openafs openafs 1.5.36
openafs openafs 1.5.74
openafs openafs 1.5.35
CVE-2013-4134 MEDIUM

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openafs openafs 1.4.5
openafs openafs 1.7.12
openafs openafs 1.2.7
openafs openafs 1.4.4
openafs openafs 1.0.1
openafs openafs 1.6.4
openafs openafs 1.0
openafs openafs 1.1.0
openafs openafs 1.4.1
openafs openafs 1.7.15
openafs openafs 1.3.70
openafs openafs 1.4.2
openafs openafs 1.7.19
openafs openafs 1.7.14
openafs openafs 1.4.7_pre3
openafs openafs 1.7.22
openafs openafs 1.1.1a
openafs openafs 1.3.74
openafs openafs 1.1.1
openafs openafs 1.4.3
openafs openafs 1.4.6
openafs openafs 1.7.2
openafs openafs 1.4.12
openafs openafs 1.2.3
openafs openafs 1.2.2a
openafs openafs 1.6.0
openafs openafs 1.3.77
openafs openafs 1.4
openafs openafs 1.0.4
openafs openafs 1.6.2.1
openafs openafs 1.2.4
openafs openafs 1.0.2
openafs openafs 1.7.4
openafs openafs 1.4.7_pre5
openafs openafs 1.7.18
openafs openafs 1.7.21
openafs openafs 1.4.7_pre2
openafs openafs 1.7.1
openafs openafs 1.7.20
openafs openafs 1.7.11
openafs openafs 1.7.23
openafs openafs 1.3.5
openafs openafs 1.0.3
openafs openafs 1.4.8_pre2
openafs openafs 1.7.24
openafs openafs 1.2.2
openafs openafs 1.7.25
openafs openafs 1.2.5
openafs openafs *
openafs openafs 1.7.10
openafs openafs 1.7.17
openafs openafs 1.7.13
openafs openafs 1.7.8
openafs openafs 1.3.2
openafs openafs 1.4.8_pre3
openafs openafs 1.2.6
openafs openafs 1.2.9
openafs openafs 1.6.2
openafs openafs 1.7.16
openafs openafs 1.4.7
openafs openafs 1.3
openafs openafs 1.6.1
openafs openafs 1.4.8_pre1
openafs openafs 1.1
openafs openafs 1.2.11
openafs openafs 1.4.7_pre1
openafs openafs 1.2.1
openafs openafs 1.3.81
openafs openafs 1.2.8
openafs openafs 1.2
openafs openafs 1.6.3
openafs openafs 1.0.4a
openafs openafs 1.2.2b
openafs openafs 1.3.1
openafs openafs 1.4.7_pre4
openafs openafs 1.4.0
openafs openafs 1.4.8
openafs openafs 1.2.13
openafs openafs 1.7.3
debian debian_linux 7.0
openafs openafs 1.2.10
CVE-2013-4135 MEDIUM

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openafs openafs 1.6.3
openafs openafs 1.6.0
openafs openafs 1.6.2
openafs openafs 1.6.4
openafs openafs 1.6.1
debian debian_linux 7.0
openafs openafs 1.6.2.1
CVE-2014-0159 MEDIUM

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openafs openafs 1.6.6
openafs openafs 1.4.12
openafs openafs 1.4.15
openafs openafs 1.6.0
openafs openafs 1.6.2
openafs openafs 1.6.4
openafs openafs 1.6.5.1
openafs openafs 1.6.1
openafs openafs 1.4.14.1
openafs openafs 1.6.2.1
openafs openafs 1.6.3
openafs openafs 1.4.10
openafs openafs 1.4.9
openafs openafs 1.4.14
openafs openafs 1.6.5
openafs openafs 1.4.11
openafs openafs 1.4.8
debian debian_linux 7.0
openafs openafs 1.6.5.2
CVE-2014-2852 MEDIUM

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openafs openafs 1.6.3
openafs openafs *
openafs openafs 1.6.0
openafs openafs 1.6.2
openafs openafs 1.6.4
openafs openafs 1.6.5
openafs openafs 1.6.5.1
openafs openafs 1.6.1
openafs openafs 1.6.2.1
openafs openafs 1.6.5.2
CVE-2014-4044 MEDIUM

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openafs openafs 1.6.8
CVE-2015-3282 MEDIUM

vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2015-3283 MEDIUM

OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2015-3284 LOW

pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2015-3285 LOW

The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2015-3286 MEDIUM

Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2015-6587 MEDIUM

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
debian debian_linux 7.0
CVE-2015-7762 MEDIUM

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openafs openafs 1.7.11
openafs openafs 1.7.23
openafs openafs 1.7.12
openafs openafs 1.7.26
openafs openafs 1.7.24
openafs openafs 1.7.15
openafs openafs 1.7.25
openafs openafs 1.7.19
openafs openafs 1.7.14
openafs openafs 1.7.29
debian debian_linux 8.0
openafs openafs *
openafs openafs 1.7.27
openafs openafs 1.7.28
openafs openafs 1.7.22
openafs openafs 1.7.10
openafs openafs 1.7.17
openafs openafs 1.7.13
openafs openafs 1.7.8
openafs openafs 1.7.30
openafs openafs 1.7.2
openafs openafs 1.7.31
openafs openafs 1.7.16
openafs openafs 1.7.4
openafs openafs 1.7.18
openafs openafs 1.7.21
openafs openafs 1.7.1
openafs openafs 1.7.3
debian debian_linux 7.0
openafs openafs 1.7.20
CVE-2015-7763 MEDIUM

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openafs openafs 1.7.12
openafs openafs 1.6.6
openafs openafs 1.6.4
openafs openafs 1.6.12
openafs openafs 1.7.15
openafs openafs 1.7.19
openafs openafs 1.6.13
openafs openafs 1.7.14
openafs openafs 1.7.29
openafs openafs 1.7.28
openafs openafs 1.7.22
openafs openafs 1.7.2
openafs openafs 1.7.31
openafs openafs 1.6.0
openafs openafs 1.6.5.1
openafs openafs 1.6.7
openafs openafs 1.6.2.1
openafs openafs 1.5.77
openafs openafs 1.5.76
openafs openafs 1.7.4
openafs openafs 1.6.5
openafs openafs 1.7.18
openafs openafs 1.7.21
openafs openafs 1.7.1
openafs openafs 1.6.9
openafs openafs 1.7.20
openafs openafs 1.7.11
openafs openafs 1.7.23
openafs openafs 1.5.75
openafs openafs 1.6.14
openafs openafs 1.7.26
openafs openafs 1.7.24
openafs openafs 1.5.78
openafs openafs 1.7.25
openafs openafs 1.7.27
openafs openafs 1.7.10
openafs openafs 1.7.17
openafs openafs 1.7.13
openafs openafs 1.7.8
openafs openafs 1.7.30
openafs openafs 1.6.5.2
openafs openafs 1.6.2
openafs openafs 1.7.16
openafs openafs 1.6.1
openafs openafs 1.6.11
openafs openafs 1.6.10
openafs openafs 1.6.8
openafs openafs 1.6.3
openafs openafs 1.7.3
CVE-2015-8312 HIGH

Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
debian debian_linux 9.0
CVE-2016-2860 MEDIUM

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
CVE-2016-4536 MEDIUM

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2016-9772 MEDIUM

OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2017-17432 HIGH

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-617,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
debian debian_linux 9.0
CVE-2018-16947 HIGH

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
debian debian_linux 9.0
CVE-2018-16948 MEDIUM

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
debian debian_linux 9.0
CVE-2018-16949 MEDIUM

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
debian debian_linux 9.0
CVE-2019-18601 MEDIUM

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
openafs openafs *
CVE-2019-18602 MEDIUM

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
CVE-2019-18603 MEDIUM

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
debian debian_linux 8.0
openafs openafs *
CVE-2024-10394

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.

Products Affected

Vendor Product Version
openafs openafs 1.9.0
openafs openafs *
CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

Products Affected

Vendor Product Version
openafs openafs 1.9.0
openafs openafs *
CVE-2024-10397

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

Products Affected

Vendor Product Version
openafs openafs 1.9.0
openafs openafs *