CVSS: 5.9EPSS: 1%CPEs: 4EXPL: 0CVE-2007-6599
https://notcve.org/view.php?id=CVE-2007-6599
04 Jan 2008 — Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. Condición de carrera en el servidor de ficheros de OpenAFS 1.3.50 hasta 1.4.5 y 1.5.0 hasta 1.5.27 permite a atacantes remotos provocar una denegación de servicio (caída de demoni... • http://lists.openafs.org/pipermail/openafs-announce/2007/000220.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 1%CPEs: 21EXPL: 0CVE-2007-1507
https://notcve.org/view.php?id=CVE-2007-1507
20 Mar 2007 — The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache. La configuración predeterminada en OpenAFS versiones 1.4.x anteriores a 1.4.4 y versiones 1.5.x anteriores a 1.5.17, admite programas setuid dentro de la celda local, lo que podría permitir a atacantes alcan... • http://secunia.com/advisories/24582 • CWE-16: Configuration •