PT-2015-1988 · Openafs · Openafs

Publicado

2015-07-30

Atualizado

2015-09-08

CVE-2015-6587

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.13

Description The issue is caused by a buffer overflow in the OpenAFS file system. It may allow a remote attacker to cause a denial of service by using a specially crafted regular expression in the VL ListAttributesN2 RPC call. This can lead to an out-of-bounds read and crash.

Recommendations For versions prior to 1.6.13, update to version 1.6.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the VL ListAttributesN2 RPC call to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-11334

CVE-2015-6587

DLA-342-1

DSA-3320-1

MGASA-2015-0337

Produtos afetados

Openafs

PT-2015-1988 · Openafs · Openafs

CVE-2015-6587

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 33