VulnerableCode Package Details - pkg:deb/debian/openafs@1.8.9-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-cxwd-3afk-6ufm Aliases: CVE-2024-10396	An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.	1.8.9-1+deb12u1 Affected by 0 other vulnerabilities. 1.8.13-1 Affected by 0 other vulnerabilities.
VCID-f9ys-frnt-87e2 Aliases: CVE-2024-10394	A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.	1.8.9-1+deb12u1 Affected by 0 other vulnerabilities. 1.8.13-1 Affected by 0 other vulnerabilities.
VCID-wqme-guhs-wbbr Aliases: CVE-2024-10397	A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.	1.8.9-1+deb12u1 Affected by 0 other vulnerabilities. 1.8.13-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-cxwd-3afk-6ufm
Aliases:
CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.

1.8.9-1+deb12u1
Affected by 0 other vulnerabilities.

1.8.13-1
Affected by 0 other vulnerabilities.

VCID-f9ys-frnt-87e2
Aliases:
CVE-2024-10394

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.

1.8.9-1+deb12u1
Affected by 0 other vulnerabilities.

1.8.13-1
Affected by 0 other vulnerabilities.

VCID-wqme-guhs-wbbr
Aliases:
CVE-2024-10397

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

1.8.9-1+deb12u1
Affected by 0 other vulnerabilities.

1.8.13-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-02-21T18:04:55.844613+00:00	Debian Importer	Affected by	VCID-wqme-guhs-wbbr	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:55.141782+00:00	Debian Importer	Fixing	VCID-wqme-guhs-wbbr	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:54.425393+00:00	Debian Importer	Fixing	VCID-cxwd-3afk-6ufm	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:53.720745+00:00	Debian Importer	Affected by	VCID-cxwd-3afk-6ufm	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:53.027313+00:00	Debian Importer	Fixing	VCID-f9ys-frnt-87e2	https://security-tracker.debian.org/tracker/data/json	35.1.0
2025-02-21T18:04:52.325909+00:00	Debian Importer	Affected by	VCID-f9ys-frnt-87e2	https://security-tracker.debian.org/tracker/data/json	35.1.0
2024-11-24T06:40:10.073913+00:00	Debian Importer	Affected by	VCID-wqme-guhs-wbbr	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T06:40:09.376680+00:00	Debian Importer	Affected by	VCID-cxwd-3afk-6ufm	https://security-tracker.debian.org/tracker/data/json	35.0.0
2024-11-24T06:40:08.645046+00:00	Debian Importer	Affected by	VCID-f9ys-frnt-87e2	https://security-tracker.debian.org/tracker/data/json	35.0.0