Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 460494 (CVE-2013-1794) - <net-fs/openafs-1.6.2: Multiple Buffer Overflow Vulnerabilities (CVE-2013-{1794,1795})
Summary: <net-fs/openafs-1.6.2: Multiple Buffer Overflow Vulnerabilities (CVE-2013-{17...
Status: RESOLVED FIXED
Alias: CVE-2013-1794
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/52480/
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-06 09:08 UTC by Agostino Sarubbo
Modified: 2014-04-07 21:53 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-06 09:08:17 UTC
From ${URL} :

Description
Some vulnerabilities have been reported in OpenAFS, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to cause a DoS 
(Denial of Service).

1) Some errors when handling an ACL entry can be exploited to cause a buffer overflow via a specially crafted ACL entry.

Successful exploitation of this vulnerability may allow the execution of arbitrary code, but requires the permission to create ACLs.

2) An integer overflow error when handling IdToName RPC related to a ptserver can be exploited to cause a buffer overflow and crash the ptserver via a specially crafted 
IdToName RPC with a large payload.

The vulnerabilities are reported in versions prior to 1.6.2.


Solution
Update to version 1.6.2 or later or apply patch (please see the vendor's advisories for details).

Provided and/or discovered by
The vendor credits Nickolai Zeldovich.

Original Advisory
http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt
http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-03-21 18:50:48 UTC
CVE-2013-1795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1795):
  Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers
  to cause a denial of service (crash) via a large list from the IdToName RPC,
  which triggers a heap-based buffer overflow.

CVE-2013-1794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1794):
  Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows
  remote authenticated users to cause a denial of service (crash) and possibly
  execute arbitrary code via a long fileserver ACL entry.
Comment 2 SpanKY gentoo-dev 2013-03-24 06:03:54 UTC
updated versions are in the tree now
Comment 3 Sean Amoss gentoo-dev Security 2013-04-10 00:21:06 UTC
Arches, please test and mark stable:
=net-fs/openafs-1.6.2
Target KEYWORDS: "amd64 sparc x86 ~amd64-linux ~x86-linux"
Comment 4 Agostino Sarubbo gentoo-dev 2013-04-13 14:17:08 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-04-13 14:19:58 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-04-13 14:20:24 UTC
sparc stable
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-04-07 21:53:03 UTC
This issue was resolved and addressed in
 GLSA 201404-05 at http://security.gentoo.org/glsa/glsa-201404-05.xml
by GLSA coordinator Mikle Kolyada (Zlogene).