FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openafs -- Denial of Service

Affected packages
1.4.8 <= openafs < 1.6.7


VuXML ID c0c31b27-bff3-11e3-9d09-000c2980a9f3
Discovery 2014-04-09
Entry 2014-04-09

The OpenAFS development team reports:

An attacker with the ability to connect to an OpenAFS fileserver can trigger a buffer overflow, crashing the server.

The buffer overflow can be triggered by sending an unauthenticated request for file server statistical information.

Clients are not affected.


CVE Name CVE-2014-0159