The newEntry function in ptserver/ptprocs.c in OpenAFS prior to 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
Vulnerable Product |
---|
openafs openafs |
debian debian linux 8.0 |