CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9772
https://notcve.org/view.php?id=CVE-2016-9772
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses. OpenAFS 1.6.19 y versiones anteriores permiten a atacantes remotos obtener información de directorio sensible a través de vectores que implican (1) la partición de caché de cliente, (2) partición del servidor de archivos vice o (3) ciertas respuestas de RPC. • http://www.openwall.com/lists/oss-security/2016/12/02/9 http://www.securityfocus.com/bid/94651 https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4536
https://notcve.org/view.php?id=CVE-2016-4536
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. El cliente en OpenAFS en versiones anteriores a 1.6.17 no inicializa adecuadamente las estructuras (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes y (4) ListAddrByAttributes, lo que podría permitir a atacantes remotos obtener información de memoria sensible aprovechando el acceso al tráfico de llamadas RPC. • https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17 https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-8312
https://notcve.org/view.php?id=CVE-2015-8312
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. Error por un paso en afs_pioctl.c en OpenAFS en versiones anteriores a 1.6.16 podría permitir a usuarios locales provocar una denegación de servicio (sobrescritura de memoria y caída de sistema) a través de un pioctl con un tamaño de buffer de entrada de 4096 bytes. • http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=2ef863720da4d9f368aaca0461c672a3008195ca http://www.debian.org/security/2016/dsa-3569 https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16 • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2860
https://notcve.org/view.php?id=CVE-2016-2860
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. La función newEntry en ptserver/ptprocs.c en OpenAFS en versiones anteriores a 1.6.17 permite a usuarios remotos autenticados de dominios Kerberos ajenos eludir las restricciones destinadas al acceso y crear grupos arbitrarios como administradores aprovechando que no maneja correctamente el ID creator. • http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0 http://www.debian.org/security/2016/dsa-3569 http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 0CVE-2015-7762
https://notcve.org/view.php?id=CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. rx/rx.c en OpenAFS en versiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno de una estructura de datos cuando construye un paquete de reconocimiento (ACK) Rx, lo que permite a atacantes remotos obtener información sensible (1) llevando a cabo un ataque de repetición o (2) rastreando la red. • http://www.debian.org/security/2015/dsa-3387 http://www.securitytracker.com/id/1034039 https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15 https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •