CVE-2015-3286

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.13

Description The issue is related to a buffer overflow in the Solaris kernel extension, which can be triggered by a large group list when joining a PAG. This can cause a denial of service, resulting in a panic or deadlock, and may have other unspecified impacts.

Recommendations For versions prior to 1.6.13, update to version 1.6.13 or later to resolve the issue. As a temporary workaround, consider restricting the size of group lists when joining a PAG to minimize the risk of exploitation.