FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

net/openafs -- buffer overflow

Affected packages
openafs < 1.6.2.*

Details

VuXML ID 0bf376b7-cc6b-11e2-a424-14dae938ec40
Discovery 2013-02-27
Entry 2013-06-03

Nickolai Zeldovich reports:

An attacker with the ability to manipulate AFS directory ACLs may crash the fileserver hosting that volume. In addition, once a corrupt ACL is placed on a fileserver, its existence may crash client utilities manipulating ACLs on that server.

References

CVE Name CVE-2013-1794
URL http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt