PT-2015-6135 · Oracle+1 · Solaris+1
Published
2015-08-12
·
Updated
2017-09-21
·
CVE-2015-3286
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenAFS versions prior to 1.6.13
Description
The issue is related to a buffer overflow in the Solaris kernel extension, which can be triggered by a large group list when joining a PAG. This can cause a denial of service, resulting in a panic or deadlock, and may have other unspecified impacts.
Recommendations
For versions prior to 1.6.13, update to version 1.6.13 or later to resolve the issue. As a temporary workaround, consider restricting the size of group lists when joining a PAG to minimize the risk of exploitation.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openafs
Solaris