PT-2016-3885 · Openafs · Openafs

Publicado

2016-05-05

·

Atualizado

2018-05-17

·

CVE-2015-8312

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.16
Description The issue is caused by an off-by-one error in the afs pioctl.c file, which can be exploited by local users to cause a denial of service. This can be achieved by using a pioctl with an input buffer size of 4096 bytes, potentially leading to a memory overwrite and system crash.
Recommendations For versions prior to 1.6.16, update to version 1.6.16 or later to resolve the issue.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2015-8312
DLA-493-1
DSA-3569-1

Produtos afetados

Openafs