FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openafs -- Denial of Service

Affected packages
1.4.8 <= openafs < 1.6.7

Details

VuXML ID c0c31b27-bff3-11e3-9d09-000c2980a9f3
Discovery 2014-04-09
Entry 2014-04-09

The OpenAFS development team reports:

An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server.

The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information.

Clients are not affected.

[source]

References

CVE Name CVE-2014-0159
URL http://openafs.org/security/OPENAFS-SA-2014-001.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.