Published: 14/03/2013 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Integer overflow in ptserver in OpenAFS prior to 1.6.2 allows remote malicious users to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openafs openafs 1.5.76
openafs openafs 1.5.75
openafs openafs 1.5.68
openafs openafs 1.5.67
openafs openafs 1.5.59
openafs openafs 1.5.78
openafs openafs 1.5.77
openafs openafs 1.5.70
openafs openafs 1.5.69
openafs openafs 1.5.61
openafs openafs 1.5.60
openafs openafs 1.5.53
openafs openafs 1.5.52
openafs openafs
openafs openafs 1.6.0
openafs openafs 1.5.72
openafs openafs 1.5.71
openafs openafs 1.5.64
openafs openafs 1.5.63
openafs openafs 1.5.62
openafs openafs 1.5.55
openafs openafs 1.5.54
openafs openafs 1.5.37
openafs openafs 1.5.36
openafs openafs 1.5.28
openafs openafs 1.5.27
openafs openafs 1.5.20
openafs openafs 1.5.19
openafs openafs 1.5.12
openafs openafs 1.5.11
openafs openafs 1.5.58
openafs openafs 1.5.51
openafs openafs 1.5.50
openafs openafs 1.5.33
openafs openafs 1.5.32
openafs openafs 1.5.24
openafs openafs 1.5.23
openafs openafs 1.5.16
openafs openafs 1.5.15
openafs openafs 1.5.35
openafs openafs 1.5.34
openafs openafs 1.5.26
openafs openafs 1.5.25
openafs openafs 1.5.18
openafs openafs 1.5.17
openafs openafs 1.5.10
openafs openafs 1.5.74
openafs openafs 1.5.73
openafs openafs 1.5.66
openafs openafs 1.5.65
openafs openafs 1.5.57
openafs openafs 1.5.56
openafs openafs 1.5.39
openafs openafs 1.5.38
openafs openafs 1.5.31
openafs openafs 1.5.30
openafs openafs 1.5.29
openafs openafs 1.5.22
openafs openafs 1.5.21
openafs openafs 1.5.14
openafs openafs 1.5.13

Multiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code Further information is available at wwwopenafsorg/security For the stable distribution (squeeze), this problem has been fixed in version 14121+dfsg-4+squ ...

CWE-189 http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt http://secunia.com/advisories/52480 http://secunia.com/advisories/52342 http://www.debian.org/security/2013/dsa-2638 http://www.securityfocus.com/bid/58300 http://www.mandriva.com/security/advisories?name=MDVSA-2014:244 https://exchange.xforce.ibmcloud.com/vulnerabilities/82585 https://nvd.nist.gov https://www.debian.org/security/./dsa-2638

CVE-2013-1795

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect