From ${URL} : Description Some vulnerabilities have been reported in OpenAFS, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service). 1) Some errors when handling an ACL entry can be exploited to cause a buffer overflow via a specially crafted ACL entry. Successful exploitation of this vulnerability may allow the execution of arbitrary code, but requires the permission to create ACLs. 2) An integer overflow error when handling IdToName RPC related to a ptserver can be exploited to cause a buffer overflow and crash the ptserver via a specially crafted IdToName RPC with a large payload. The vulnerabilities are reported in versions prior to 1.6.2. Solution Update to version 1.6.2 or later or apply patch (please see the vendor's advisories for details). Provided and/or discovered by The vendor credits Nickolai Zeldovich. Original Advisory http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt
CVE-2013-1795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1795): Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow. CVE-2013-1794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1794): Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.
updated versions are in the tree now
Arches, please test and mark stable: =net-fs/openafs-1.6.2 Target KEYWORDS: "amd64 sparc x86 ~amd64-linux ~x86-linux"
amd64 stable
x86 stable
sparc stable
This issue was resolved and addressed in GLSA 201404-05 at http://security.gentoo.org/glsa/glsa-201404-05.xml by GLSA coordinator Mikle Kolyada (Zlogene).
