CVE-2015-7762

Published: 06/11/2015 | Updated: 07/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

rx/rx.c in OpenAFS prior to 1.6.15 and 1.7.x prior to 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote malicious users to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Vulnerable Product

openafs openafs 1.7.13

openafs openafs 1.7.14

openafs openafs 1.7.20

openafs openafs 1.7.21

openafs openafs 1.7.28

openafs openafs 1.7.29

openafs openafs

openafs openafs 1.7.1

openafs openafs 1.7.10

openafs openafs 1.7.17

openafs openafs 1.7.19

openafs openafs 1.7.24

openafs openafs 1.7.25

openafs openafs 1.7.4

openafs openafs 1.7.8

openafs openafs 1.7.15

openafs openafs 1.7.16

openafs openafs 1.7.22

openafs openafs 1.7.23

openafs openafs 1.7.3

openafs openafs 1.7.30

openafs openafs 1.7.31

openafs openafs 1.7.11

openafs openafs 1.7.12

openafs openafs 1.7.18

openafs openafs 1.7.2

openafs openafs 1.7.26

openafs openafs 1.7.27

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

John Stumpo discovered that OpenAFS, a distributed file system, does not fully initialize certain network packets before transmitting them. This can lead to a disclosure of the plaintext of previously processed packets. For the oldstable distribution (wheezy), these problems have been fixed in version 161-3+deb7u5. For the stable distribution (je ...