Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25509
HistoryJan 19, 2011 - 12:00 a.m.

[ GLSA 201101-05 ] OpenAFS: Arbitrary code execution

2011-01-1900:00:00
vulners.com
9
JSON

Gentoo Linux Security Advisory GLSA 201101-05

                                        http://security.gentoo.org/

Severity: Normal
Title: OpenAFS: Arbitrary code execution
Date: January 16, 2011
Bugs: #265538
ID: 201101-05

Synopsis

The cache manager of OpenAFS contains several bugs resulting in remote
execution of arbitrary code.

Background

OpenAFS is a distributed file system.

Affected packages

-------------------------------------------------------------------
 Package         /  Vulnerable  /                       Unaffected
-------------------------------------------------------------------

1 net-fs/openafs < 1.4.9 >= 1.4.9

Description

Two vulnerabilites were discovered:

  • Simon Wilkinson discovered from a bug report by Toby Blake that the
    cache manager of OpenAFS contains a heap-based buffer overflow which
    is related to the use of the ERR_PTR macro (CVE-2009-1250).

  • A pointer dereference bug when using XDR arrays was discovered by
    Simon Wilkinson, with assistance from Derrick Brashear and Jeffrey
    Altman. (CVE-2009-1251).

Impact

The vulnerabilites might allow remote unauthenticated attackers to
cause a Denial of Service (system crash) and possibly execute arbitrary
code.

Workaround

There is no known workaround at this time.

Resolution

All OpenAFS users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-fs/openafs-1.4.9&quot;

References

[ 1 ] CVE-2009-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250
[ 2 ] CVE-2009-1251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1251

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201101-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2011 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

nessus 5
openvas 9
securityvulns 3
osv 1
debian 3
gentoo 2
cve 2
debiancve 2
ubuntucve 2
prion 2
seebug 1
nessus
nessus
Mandriva Linux Security Advisory : openafs (MDVSA-2009:099-1)
2009-04-28 00:00:00
GLSA-201101-05 : OpenAFS: Arbitrary code execution
2011-01-17 00:00:00
Scientific Linux Security Update : openafs on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
Mandriva Security Advisory MDVSA-2009:099-1 (openafs)
2009-12-14 00:00:00
Mandriva Security Advisory MDVSA-2009:099-1 (openafs)
2009-12-14 00:00:00
Mandrake Security Advisory MDVSA-2009:099 (openafs)
2009-05-05 00:00:00
securityvulns
securityvulns
OpenAFS security vulnerabilities
2011-01-19 00:00:00
[SECURITY] [DSA 1768-1] New openafs packages potential code execution
2009-04-12 00:00:00
OpenAFS multiple security vulnerabilities
2009-04-12 00:00:00
osv
osv
openafs - potential code execution
2009-04-10 00:00:00
debian
debian
[Backports-security-announce] Security Update for openafs
2009-04-10 21:48:30
[Backports-security-announce] Security Update for openafs
2009-04-10 21:38:35
[SECURITY] [DSA 1768-1] New openafs packages potential code execution
2009-04-10 14:51:13
gentoo
gentoo
OpenAFS: Arbitrary code execution
2011-01-16 00:00:00
OpenAFS: Multiple vulnerabilities
2014-04-07 00:00:00
cve
cve
CVE-2009-1251
2009-04-09 00:30:00
CVE-2009-1250
2009-04-09 00:30:00
debiancve
debiancve
CVE-2009-1251
2009-04-09 00:30:00
CVE-2009-1250
2009-04-09 00:30:00
ubuntucve
ubuntucve
CVE-2009-1251
2009-04-09 00:00:00
CVE-2009-1250
2009-04-09 00:00:00
prion
prion
Heap overflow
2009-04-09 00:30:00
Null pointer dereference
2009-04-09 00:30:00
seebug
seebug
OpenAFS出错代码远程拒绝服务漏洞
2009-04-10 00:00:00
JSON
Related for SECURITYVULNS:DOC:25509
nessus5openvas9securityvulns3osv1debian3gentoo2cve2debiancve2ubuntucve2prion2seebug1