6.5

CVE-2016-2860

EPSS 0.25%
Published 13.05.2016 16:59:08
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Openafs ≫ Openafs Version <= 1.6.16

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.debian.org/security/2016/dsa-3569

http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0

http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt

Vendor Advisory

https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html

https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17

https://nvd.nist.gov/vuln/detail/CVE-2016-2860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2860

EUVD