VDB

GCVE-110-MAGEIA-2014-515

GCVE-110-MAGEIA-2014-515
Advisory Published
Vulnetix · Advisory published December 9, 2014
Updated openafs packages fix security vulnerabilities: Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument (CVE-2014-0159). OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet (CVE-2014-2852). OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests (CVE-2014-4044). The OpenAFS package has been updated to version 1.6.10, fixing these issues and other bugs, as well as providing support for newer kernel versions.

Affected Products

VendorProductVersionsPlatforms
Mageiaopenafs0 (affected), 1.6.10-1.1.mga4 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›