Lucene search
Gentoo FoundationGLSA-201101-05HistoryJan 16, 2011 - 12:00 a.m.
OpenAFS: Arbitrary code execution
2011-01-1600:00:00
Gentoo Foundation
security.gentoo.org
25
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.163
Percentile
96.0%
Background
OpenAFS is a distributed file system.
Description
Two vulnerabilities were discovered:
- Simon Wilkinson discovered from a bug report by Toby Blake that the cache manager of OpenAFS contains a heap-based buffer overflow which is related to the use of the ERR_PTR macro (CVE-2009-1250).
- A pointer dereference bug when using XDR arrays was discovered by Simon Wilkinson, with assistance from Derrick Brashear and Jeffrey Altman. (CVE-2009-1251).
Impact
The vulnerabilities might allow remote unauthenticated attackers to cause a Denial of Service (system crash) and possibly execute arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All OpenAFS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.9"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-fs/openafs | <Β 1.4.9 | UNKNOWN |
Related
nessus
nessus
Mandriva Linux Security Advisory : openafs (MDVSA-2009:099-1)
2009-04-28 00:00:00
GLSA-201101-05 : OpenAFS: Arbitrary code execution
2011-01-17 00:00:00
openvas
openvas
Mandriva Security Advisory MDVSA-2009:099-1 (openafs)
2009-12-14 00:00:00
Mandriva Security Advisory MDVSA-2009:099-1 (openafs)
2009-12-14 00:00:00
Debian: Security Advisory (DSA-1768-1)
2009-04-15 00:00:00
securityvulns
securityvulns
[ GLSA 201101-05 ] OpenAFS: Arbitrary code execution
2011-01-19 00:00:00
OpenAFS security vulnerabilities
2011-01-19 00:00:00
[SECURITY] [DSA 1768-1] New openafs packages potential code execution
2009-04-12 00:00:00
debian
debian
[SECURITY] [DSA 1768-1] New openafs packages potential code execution
2009-04-10 14:51:13
[Backports-security-announce] Security Update for openafs
2009-04-10 21:48:30
[Backports-security-announce] Security Update for openafs
2009-04-10 21:38:35
osv
osv
openafs - potential code execution
2009-04-10 00:00:00
cvelist
cvelist
CVE-2009-1250
2009-04-09 00:00:00
CVE-2009-1251
2009-04-09 00:00:00
nvd
nvd
CVE-2009-1251
2009-04-09 00:30:00
CVE-2009-1250
2009-04-09 00:30:00
ubuntucve
ubuntucve
CVE-2009-1251
2009-04-09 00:00:00
CVE-2009-1250
2009-04-09 00:00:00
debiancve
debiancve
CVE-2009-1251
2009-04-09 00:30:00
CVE-2009-1250
2009-04-09 00:30:00
cve
cve
CVE-2009-1251
2009-04-09 00:30:00
CVE-2009-1250
2009-04-09 00:30:00
seebug
seebug
OpenAFSεΊι代η θΏη¨ζη»ζε‘ζΌζ΄
2009-04-10 00:00:00
prion
prion
Null pointer dereference
2009-04-09 00:30:00
Heap overflow
2009-04-09 00:30:00
gentoo
gentoo
OpenAFS: Multiple vulnerabilities
2014-04-07 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.163
Percentile
96.0%
Related for GLSA-201101-05