Openafs

Openafs

36 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2016-9772

  • EPSS 0.26%
  • Published 06.02.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.

5.3

CVE-2016-4536

  • EPSS 0.3%
  • Published 13.05.2016 16:59:11
  • Last modified 12.04.2025 10:46:40

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory inform...

6.5

CVE-2016-2860

  • EPSS 0.25%
  • Published 13.05.2016 16:59:08
  • Last modified 12.04.2025 10:46:40

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the ...

7.8

CVE-2015-8312

  • EPSS 0.04%
  • Published 13.05.2016 16:59:06
  • Last modified 12.04.2025 10:46:40

Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.

5

CVE-2015-7763

  • EPSS 0.47%
  • Published 06.11.2015 21:59:11
  • Last modified 12.04.2025 10:46:40

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conduct...

5

CVE-2015-7762

  • EPSS 0.47%
  • Published 06.11.2015 21:59:09
  • Last modified 12.04.2025 10:46:40

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conductin...

4

CVE-2015-6587

  • EPSS 0.63%
  • Published 02.09.2015 10:59:00
  • Last modified 12.04.2025 10:46:40

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

4.6

CVE-2015-3286

  • EPSS 0.07%
  • Published 12.08.2015 14:59:19
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.

2.1

CVE-2015-3285

  • EPSS 0.08%
  • Published 12.08.2015 14:59:18
  • Last modified 12.04.2025 10:46:40

The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.

2.1

CVE-2015-3284

  • EPSS 0.06%
  • Published 12.08.2015 14:59:17
  • Last modified 12.04.2025 10:46:40

pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.