CVE-2009-1250

Name of the Vulnerable Software and Affected Versions OpenAFS versions 1.0 through 1.4.8 OpenAFS versions 1.5.0 through 1.5.58 OpenAFS versions prior to 1.6.5

Description The issue affects the cache manager in the client, allowing remote attackers to cause a denial of service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be done remotely, related to the use of the ERR PTR macro when handling an RX response with a large error-code value that is interpreted as a pointer and dereferenced.

Recommendations For OpenAFS versions 1.0 through 1.4.8, update to a version later than 1.4.8. For OpenAFS versions 1.5.0 through 1.5.58, update to a version later than 1.5.58. For OpenAFS versions prior to 1.6.5, update to version 1.6.5 or later.