FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openafs -- multiple vulnerabilities

Affected packages
openafs < 1.6.17


VuXML ID bcbd3fe0-2b46-11e6-ae88-002590263bf5
Discovery 2016-03-16
Entry 2016-06-05

The OpenAFS development team reports:

Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace.

The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, the information leaked may come from kernel memory or userspace.


CVE Name CVE-2016-2860
CVE Name CVE-2016-4536
FreeBSD PR ports/209534