VulnerableCode Package Details - pkg:deb/ubuntu/openafs@1.6.7-1ubuntu1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-5eup-58yh-aaaf Aliases: CVE-2017-17432	OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.	1.8.0~pre5-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7exr-hbp5-aaam Aliases: CVE-2018-16947	An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.	1.8.4~pre1-1ubuntu2 Affected by 0 other vulnerabilities.
VCID-f41g-gs61-aaaa Aliases: CVE-2016-4536	The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.	1.6.18-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-myvc-5beu-aaad Aliases: CVE-2016-9772	OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.	1.6.20-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rhv5-9sqn-aaaj Aliases: CVE-2016-2860	The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.	1.6.18-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-spuv-5rhp-aaab Aliases: CVE-2018-16949	An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.	1.8.4~pre1-1ubuntu2 Affected by 0 other vulnerabilities.
VCID-srn2-af6s-aaaa Aliases: CVE-2018-16948	An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.	1.8.4~pre1-1ubuntu2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5eup-58yh-aaaf
Aliases:
CVE-2017-17432

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.

1.8.0~pre5-1
Affected by 3 other vulnerabilities.

VCID-7exr-hbp5-aaam
Aliases:
CVE-2018-16947

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. The backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. Handling those RPCs results in operations being performed with administrator credentials, including dumping/restoring volume contents and manipulating the backup database. For example, an unauthenticated attacker can replace any volume's content with arbitrary data.

1.8.4~pre1-1ubuntu2
Affected by 0 other vulnerabilities.

VCID-f41g-gs61-aaaa
Aliases:
CVE-2016-4536

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.

1.6.18-1
Affected by 5 other vulnerabilities.

VCID-myvc-5beu-aaad
Aliases:
CVE-2016-9772

OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.

1.6.20-1
Affected by 4 other vulnerabilities.

VCID-rhv5-9sqn-aaaj
Aliases:
CVE-2016-2860

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

1.6.18-1
Affected by 5 other vulnerabilities.

VCID-spuv-5rhp-aaab
Aliases:
CVE-2018-16949

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections.

1.8.4~pre1-1ubuntu2
Affected by 0 other vulnerabilities.

VCID-srn2-af6s-aaaa
Aliases:
CVE-2018-16948

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory.

1.8.4~pre1-1ubuntu2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-173c-q66q-aaar	The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.	CVE-2015-3285
VCID-9wkd-krwb-aaae	The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.	CVE-2015-6587
VCID-be58-qg4j-aaac	pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.	CVE-2015-3284
VCID-hfdg-2xm9-aaac	rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.	CVE-2015-7763
VCID-kyf8-32x6-aaae	vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.	CVE-2015-3282
VCID-tekf-yvd5-aaac	OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.	CVE-2015-3283
VCID-um7x-b5bd-aaaj	rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.	CVE-2015-7762

Vulnerability

Summary

Aliases

VCID-173c-q66q-aaar

The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.

CVE-2015-3285

VCID-9wkd-krwb-aaae

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

CVE-2015-6587

VCID-be58-qg4j-aaac

pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.

CVE-2015-3284

VCID-hfdg-2xm9-aaac

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

CVE-2015-7763

VCID-kyf8-32x6-aaae

vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.

CVE-2015-3282

VCID-tekf-yvd5-aaac

OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.

CVE-2015-3283

VCID-um7x-b5bd-aaaj

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

CVE-2015-7762

Next non-vulnerable version	1.8.4~pre1-1ubuntu2
Latest non-vulnerable version	1.8.4~pre1-1ubuntu2
Risk	4.4