CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

EPSS Percentile: 97.0%

Updated openafs packages fix security vulnerabilities:

Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument (CVE-2014-0159).

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet (CVE-2014-2852).

OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests (CVE-2014-4044).

The OpenAFS package has been updated to version 1.6.10, fixing these issues and other bugs, as well as providing support for newer kernel versions.

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | openafs | < 1.6.10-1.1 | openafs-1.6.10-1.1.mga4 |
www.openafs.org/dl/openafs/1.6.7/RELNOTES-1.6.10
www.openafs.org/dl/openafs/1.6.7/RELNOTES-1.6.6
www.openafs.org/dl/openafs/1.6.7/RELNOTES-1.6.7
www.openafs.org/dl/openafs/1.6.7/RELNOTES-1.6.8
www.openafs.org/dl/openafs/1.6.9/RELNOTES-1.6.9
www.openafs.org/security/OPENAFS-SA-2014-001.txt
www.openafs.org/security/OPENAFS-SA-2014-002.txt
bugs.mageia.org/show_bug.cgi?id=13188
lists.openafs.org/pipermail/openafs-announce/2014/000455.html
lists.openafs.org/pipermail/openafs-announce/2014/000460.html
lists.openafs.org/pipermail/openafs-announce/2014/000467.html
lists.openafs.org/pipermail/openafs-announce/2014/000468.html
lists.openafs.org/pipermail/openafs-announce/2014/000472.html
www.debian.org/security/2014/dsa-2899