CVE-2015-7763
https://notcve.org/view.php?id=CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. rx/rx.c en OpenAFS 1.5.75 hasta la versión 1.5.78, 1.6.x en vesiones anteriores a 1.6.15 y 1.7.x en versiones anteriores a 1.7.33 no inicializa adecuadamente el relleno en el final de un paquete de reconocimiento (ACK) Rx, lo que permite a atacantes remotos obtener información sensible (1) llevando a cabo un ataque de repetición o (2) rastreando la red. • http://www.debian.org/security/2015/dsa-3387 http://www.securitytracker.com/id/1034039 https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15 https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •