Mark Vitale

**Name of the Vulnerable Software and Affected Versions** OpenAFS versions prior to 1.6.23 OpenAFS versions 1.8.x prior to 1.8.2 **Description** An issue was discovered where several RPC server routines did not fully initialize their output variables before returning, resulting in memory contents leakage from both the stack and the heap. The OpenAFS cache manager, functioning as an Rx server for the AFSCB service, makes clients susceptible to information leakage. For instance, `RXAFSCB TellMeAboutYourself` leaks kernel memory and `KAM ListEntry` leaks kaserver memory. **Recommendations** For OpenAFS versions prior to 1.6.23, update to version 1.6.23 or later. For OpenAFS versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** OpenAFS versions prior to 1.6.23 OpenAFS versions 1.8.x prior to 1.8.2 **Description** An issue was discovered where several data types used as RPC input variables were implemented as unbounded array types. This could allow an unauthenticated attacker to send large input values, consuming server resources and denying service to other valid connections. **Recommendations** For OpenAFS versions prior to 1.6.23, update to version 1.6.23 or later. For OpenAFS versions 1.8.x prior to 1.8.2, update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** OpenAFS versions 1.6.19 and earlier **Description** The issue allows remote attackers to obtain sensitive directory information. This can be achieved through various vectors, including the client cache partition, the fileserver vice partition, or certain RPC responses. **Recommendations** For OpenAFS versions 1.6.19 and earlier, consider restricting access to the client cache partition, the fileserver vice partition, and limiting the exposure of RPC responses until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.