CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10397 – Debian Security Advisory 5842-1
https://notcve.org/view.php?id=CVE-2024-10397
14 Nov 2024 — A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. Several vulnerabilities were discovered in OpenAFS, an implementation of the AFS distributed filesystem, which may result in theft of credentials in Unix client PAGs (CVE-2024-10394), fileserver crashes and information leak on StoreACL/FetchACL (CVE-2024-10396) or buffer ... • https://openafs.org/pages/security/OPENAFS-SA-2024-003.txt • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10396 – An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash
https://notcve.org/view.php?id=CVE-2024-10396
14 Nov 2024 — An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server. An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expos... • https://openafs.org/pages/security/OPENAFS-SA-2024-002.txt • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10394 – A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client
https://notcve.org/view.php?id=CVE-2024-10394
14 Nov 2024 — A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG. A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG. ... • https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt • CWE-190: Integer Overflow or Wraparound •