FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openafs -- multiple vulnerabilities

Affected packages
openafs < 1.6.17

Details

VuXML ID bcbd3fe0-2b46-11e6-ae88-002590263bf5
Discovery 2016-03-16
Entry 2016-06-05

The OpenAFS development team reports:

Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace.

[source]

The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, the information leaked may come from kernel memory or userspace.

[source]

References

CVE Name CVE-2016-2860
CVE Name CVE-2016-4536
FreeBSD PR ports/209534
URL http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
URL http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.