Openafs : Security Vulnerabilities, CVEs, Published In 2016
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
Max CVSS
5.3
EPSS Score
0.30%
Published
2016-05-13
Updated
2016-05-19
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
Max CVSS
6.5
EPSS Score
0.17%
Published
2016-05-13
Updated
2016-05-19
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-05-13
Updated
2018-05-17
3 vulnerabilities found