| Summary: | <net-fs/openafs-1.6.5: Traffic Encryption Information Disclosure Security Issue (CVE-2013-4135) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | andrej.filipcic, net-fs, proxy-maint |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/54184/ | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 478296, 478498 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-07-26 19:39:41 UTC
GLSA vote: yes.

GLSA vote: yes

Added to existing GLSA draft

CVE-2013-4135 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4135): The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

This issue was resolved and addressed in GLSA 201404-05 at http://security.gentoo.org/glsa/glsa-201404-05.xml by GLSA coordinator Mikle Kolyada (Zlogene).