Debian Openafs vulnerabilities

CVE-2015-3284 [LOW] CVE-2015-3284: openafs - pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory ... pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. Scope: local bookworm: resolved (fixed in 1.6.13-1) bullseye: resolved (fixed in 1.6.13-1) sid: resolved (fixed in 1.6.13-1) trixie: resolved (fixed in 1.6.13-1)

CVE-2015-3285 [LOW] CVE-2015-3285: openafs - The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointe... The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command. Scope: local bookworm: resolved (fixed in 1.6.13-1) bullseye: resolved (fixed in 1.6.13-1) sid: resolved (fixed in 1.6.13-1) trixie

CVE-2014-2852 [MEDIUM] CVE-2014-2852: openafs - OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, w... OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet. Scope: local bookworm: resolved (fixed in 1.6.7-1) bullseye: resolved (fixed in 1.6.7-1) sid: resolved (fixed in 1.6.7-1) trixie: resolved (fixed in 1.6.7-1)

CVE-2014-0159 [MEDIUM] CVE-2014-0159: openafs - Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.... Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. Scope: local bookworm: resolved (fixed in 1.6.7-1) bullseye: resolved (fixed in 1.6.7-1) sid: resolved (fixed in 1.6.7-1) trixie: resolved (fixed in 1.6.7-1)

CVE-2014-4044 [MEDIUM] CVE-2014-4044: openafs - OpenAFS 1.6.8 does not properly clear the fields in the host structure, which al... OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests. Scope: local bookworm: resolved (fixed in 1.6.9-1) bullseye: resolved (fixed in 1.6.9-1) sid: resolved (fixed in 1.6.9-1) trixie: resolved (fixed i

CVE-2013-1795 [MEDIUM] CVE-2013-1795: openafs - Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to ... Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 1.6.1-3) bullseye: resolved (fixed in 1.6.1-3) sid: resolved (fixed in 1.6.1-3) trixie: resolved (fixed in 1.6.1-3)

CVE-2013-4135 [MEDIUM] CVE-2013-4135: openafs - The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, o... The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. Scope: local bookworm: resolved (fixed in 1.6.5-1) bullseye: resolved (fixed in 1.6.5-1) sid: resolved (fixed in 1.6.5-1) trixie: resolved

CVE-2013-4134 [MEDIUM] CVE-2013-4134: openafs - OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak enc... OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. Scope: local bookworm: resolved (fixed in 1.6.5-1) bullseye: resolved (fixed in 1.6.5-1) sid: resolved (fixed in 1.6.5-1) trixie: resolved (fixed in 1.6.5-1)

CVE-2013-1794 [MEDIUM] CVE-2013-1794: openafs - Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remot... Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry. Scope: local bookworm: resolved (fixed in 1.6.1-3) bullseye: resolved (fixed in 1.6.1-3) sid: resolved (fixed in 1.6.1-3) trixie: resolved (fixed in 1.6.1-3)

CVE-2011-0430 [HIGH] CVE-2011-0430: openafs - Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.... Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors. Scope: local bookworm: resolved (fixed in 1.4.14+dfsg-1) bullseye: resolved (fixed in 1.4.14+dfsg-1) sid: resolved (fixed in 1.4.14+dfsg-1) trixie: resolved

CVE-2011-0431 [MEDIUM] CVE-2011-0431: openafs - The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in ... The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information. Scope: local bookworm: resolved (fixed in 1.4.14+dfs

CVE-2009-1251 [CRITICAL] CVE-2009-1251: openafs - Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 thr... Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays. Scope: local bookworm: resolve

CVE-2009-1250 [HIGH] CVE-2009-1250: openafs - The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1... The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro. Scope: local bookworm: resolved (fix

CVE-2007-6599 [MEDIUM] CVE-2007-6599: openafs - Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1... Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. Scope: local bookworm: resolved (fi

CVE-2007-1507 [HIGH] CVE-2007-1507: openafs - The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 ... The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache. Scope: local bookworm: resolved (fixed in 1.4.2-6) bullseye: reso

CVE-2002-0391 [CRITICAL] CVE-2002-0391: acm - Integer overflow in xdr_array function in RPC servers for operating systems that... Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. Scope: local bookworm: resolved (fixed in 5.0-10) bullseye: resolved (