CVE-2013-1795

Name of the Vulnerable Software and Affected Versions OpenAFS versions prior to 1.6.5 OpenAFS versions prior to 1.6.2

Description The issue is related to an integer overflow in the ptserver component of OpenAFS, which can be triggered by a large list from the IdToName RPC, leading to a heap-based buffer overflow and causing a denial of service (crash). Additionally, there are multiple vulnerabilities in the OpenAFS package that can be exploited remotely, potentially compromising the confidentiality, integrity, and availability of protected information.

Recommendations For OpenAFS versions prior to 1.6.2, update to version 1.6.2 or later to resolve the integer overflow issue. For OpenAFS versions prior to 1.6.5, update to version 1.6.5 or later to address the multiple vulnerabilities. As a temporary workaround, consider restricting access to the ptserver component until a patch is available.