Shodan
Vulnerabilities
Vulnerable Software
Openafs:  >> Openafs  >> 1.0.2  Security Vulnerabilities
CVE-2015-8312
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
CVSS Score
7.8
EPSS Score
0.0
Published
2016-05-13
CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-11-06
CVE-2015-6587
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
CVSS Score
4.0
EPSS Score
0.007
Published
2015-09-02
CVE-2015-3286
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
CVSS Score
4.6
EPSS Score
0.002
Published
2015-08-12
CVE-2015-3285
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-08-12
CVE-2015-3284
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-08-12
CVE-2015-3283
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.007
Published
2015-08-12
CVE-2015-3282
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-08-12
CVE-2014-2852
OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-04-14
CVE-2013-4134
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
CVSS Score
4.3
EPSS Score
0.002
Published
2013-11-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved