Openafs : Security Vulnerabilities, CVEs, Published In 2013

CVE-2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
4.3
EPSS Score
0.15%
Published
2013-11-05
Updated
2016-08-24

CVE-2013-4134

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
Max CVSS
4.3
EPSS Score
0.21%
Published
2013-11-05
Updated
2016-08-24

CVE-2013-1795

Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
4.10%
Published
2013-03-14
Updated
2017-08-29

CVE-2013-1794

Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.
Max CVSS
6.5
EPSS Score
4.55%
Published
2013-03-14
Updated
2017-08-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close