6.5

CVE-2016-2860

EPSS 0.25%
Veröffentlicht 13.05.2016 16:59:08
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openafs ≫ Openafs Version <= 1.6.16

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.debian.org/security/2016/dsa-3569

http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0

http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt

Vendor Advisory

https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html

https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17

https://nvd.nist.gov/vuln/detail/CVE-2016-2860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2860

EUVD