Openafs: >> Openafs >> 1.6.16 Security Vulnerabilities
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-02-06
The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic.
CVSS Score
5.3
EPSS Score
0.003
Published
2016-05-13
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
CVSS Score
6.5
EPSS Score
0.003
Published
2016-05-13
Page 2