VulnerableCode Package Details - pkg:deb/debian/openafs@1.8.9-1%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cxwd-3afk-6ufm	An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.	CVE-2024-10396
VCID-f9ys-frnt-87e2	A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.	CVE-2024-10394
VCID-wqme-guhs-wbbr	A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.	CVE-2024-10397

Vulnerability

Summary

Aliases

VCID-cxwd-3afk-6ufm

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

CVE-2024-10396

VCID-f9ys-frnt-87e2

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.

CVE-2024-10394

VCID-wqme-guhs-wbbr

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

CVE-2024-10397

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T01:07:45.172803+00:00	Debian Importer	Fixing	VCID-wqme-guhs-wbbr	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T23:12:07.824508+00:00	Debian Importer	Fixing	VCID-f9ys-frnt-87e2	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T21:23:40.708108+00:00	Debian Importer	Fixing	VCID-cxwd-3afk-6ufm	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-04-04T03:51:21.906051+00:00	Debian Importer	Fixing	VCID-wqme-guhs-wbbr	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T01:52:19.097392+00:00	Debian Importer	Fixing	VCID-f9ys-frnt-87e2	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-04-04T00:01:32.132558+00:00	Debian Importer	Fixing	VCID-cxwd-3afk-6ufm	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-02-21T18:04:55.850099+00:00	Debian Importer	Fixing	VCID-wqme-guhs-wbbr	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:53.725961+00:00	Debian Importer	Fixing	VCID-cxwd-3afk-6ufm	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:52.334147+00:00	Debian Importer	Fixing	VCID-f9ys-frnt-87e2	https://security-tracker.debian.org/tracker/data/json	35.1.0