PT-2021-30824 · Openafs · Openafs
Published: 2021-11-11 · Updated: 2021-11-11 · CVE-2018-7168
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
OpenAFS versions prior to 1.9.1
Description
Some AFS3 clients construct access control lists (ACLs) improperly before storing them on directories via the RXAFS StoreACL opcode: they add negative access control entries to the normal rights list. Because a file server cannot determine whether an ACL was improperly constructed, the solution introduces a new RXAFS StoreACL opcode, which identifies the clients that construct ACLs properly.
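The effect described above, as an added sketch that is not OpenAFS code: a simplified ACL model in which a denial placed in the normal rights list becomes a grant. The struct layout, the right-bit names and values, and the user "mallory" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative right bits for this sketch (names and values are assumptions). */
enum { R_READ = 1, R_WRITE = 2, R_LOOKUP = 8 };

struct ace { const char *who; int rights; };

/* Simplified model: entries[0..npos) grant, entries[npos..npos+nneg) deny. */
struct acl { int npos, nneg; struct ace entries[4]; };

/* An entry applies to the named user or, for "system:anyuser", to everyone. */
static int applies(const struct ace *e, const char *user) {
    return strcmp(e->who, user) == 0 || strcmp(e->who, "system:anyuser") == 0;
}

/* Effective rights = union of matching grants minus union of matching denials. */
int effective_rights(struct acl a, const char *user) {
    int grant = 0, deny = 0;
    for (int i = 0; i < a.npos + a.nneg; i++) {
        if (!applies(&a.entries[i], user)) continue;
        if (i < a.npos) grant |= a.entries[i].rights;
        else            deny  |= a.entries[i].rights;
    }
    return grant & ~deny;
}

/* Intent: everyone may read/lookup; "mallory" is denied read, lookup, write. */
struct acl correct_acl(void) {
    struct acl a = { 1, 1, { { "system:anyuser", R_READ | R_LOOKUP },
                             { "mallory", R_READ | R_LOOKUP | R_WRITE } } };
    return a;
}

/* Same intent as sent by a misbehaving client: the denial is in the normal list. */
struct acl misbuilt_acl(void) {
    struct acl a = correct_acl();
    a.npos = 2;  /* both entries are now counted as grants */
    a.nneg = 0;
    return a;
}

int main(void) {
    printf("correct : mallory=%d\n", effective_rights(correct_acl(), "mallory"));
    printf("misbuilt: mallory=%d\n", effective_rights(misbuilt_acl(), "mallory"));
    return 0;
}
```

Both ACLs are structurally valid, which is why the file server cannot detect the misplacement from the ACL contents alone.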
Recommendations
For versions prior to 1.9.1, update to version 1.9.1 to resolve the issue.
Affected Products
OpenAFS