Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
Metric | Value |
---|---|
Vector | NETWORK |
Complexity | LOW |
Authentication | NONE |
Confidentiality | NONE |
Integrity | NONE |
Availability | PARTIAL |
Openafs Openafs 1.5.53 (not an official CPE)
Openafs Openafs 1.5.52 (not an official CPE)
Openafs Openafs 1.5.51 (not an official CPE)
Openafs Openafs 1.5.50 (not an official CPE)
Openafs Openafs 1.5.19 (not an official CPE)
Openafs Openafs 1.5.18 (not an official CPE)
Openafs Openafs 1.5.17 (not an official CPE)
Openafs Openafs 1.5.27 (not an official CPE)
Openafs Openafs 1.5.26 (not an official CPE)
Openafs Openafs 1.5.25 (not an official CPE)
Openafs Openafs 1.5.69 (not an official CPE)
Openafs Openafs 1.5.24 (not an official CPE)
Openafs Openafs 1.5.68 (not an official CPE)
OpenAFS 1.6.1
Openafs Openafs 1.5.23 (not an official CPE)
Openafs Openafs 1.5.67 (not an official CPE)
Openafs Openafs 1.5.22 (not an official CPE)
Openafs Openafs 1.5.66 (not an official CPE)
Openafs Openafs 1.5.21 (not an official CPE)
Openafs Openafs 1.5.65 (not an official CPE)
OpenAFS 1.6.0
Openafs Openafs 1.5.20 (not an official CPE)
Openafs Openafs 1.5.64 (not an official CPE)
Openafs Openafs 1.5.63 (not an official CPE)
Openafs Openafs 1.5.62 (not an official CPE)
Openafs Openafs 1.5.61 (not an official CPE)
Openafs Openafs 1.5.60 (not an official CPE)
Openafs Openafs 1.5.29 (not an official CPE)
Openafs Openafs 1.5.28 (not an official CPE)
Openafs Openafs 1.5.38 (not an official CPE)
Openafs Openafs 1.5.37 (not an official CPE)
Openafs Openafs 1.5.36 (not an official CPE)
Openafs Openafs 1.5.35 (not an official CPE)
Openafs Openafs 1.5.34 (not an official CPE)
OpenAFS 1.5.78
Openafs Openafs 1.5.33 (not an official CPE)
OpenAFS 1.5.77
Openafs Openafs 1.5.32 (not an official CPE)
OpenAFS 1.5.76
Openafs Openafs 1.5.31 (not an official CPE)
OpenAFS 1.5.75
Openafs Openafs 1.5.30 (not an official CPE)
Openafs Openafs 1.5.74 (not an official CPE)
Openafs Openafs 1.5.73 (not an official CPE)
Openafs Openafs 1.5.72 (not an official CPE)
Openafs Openafs 1.5.71 (not an official CPE)
Openafs Openafs 1.5.39 (not an official CPE)
Openafs Openafs 1.5.70 (not an official CPE)
Openafs Openafs 1.5.16 (not an official CPE)
Openafs Openafs 1.5.15 (not an official CPE)
Openafs Openafs 1.5.59 (not an official CPE)
Openafs Openafs 1.5.14 (not an official CPE)
Openafs Openafs 1.5.58 (not an official CPE)
Openafs Openafs 1.5.13 (not an official CPE)
Openafs Openafs 1.5.57 (not an official CPE)
Openafs Openafs 1.5.54 (not an official CPE)
Openafs Openafs 1.5.10 (not an official CPE)
Openafs Openafs 1.5.55 (not an official CPE)
Openafs Openafs 1.5.11 (not an official CPE)
Openafs Openafs 1.5.56 (not an official CPE)
Openafs Openafs 1.5.12 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
58300 | | | |
http://www.openafs.org/pages/security/OPENAFS-SA-2013-00... | | | |
MDVSA-2014:244 | | | |
DSA-2638 | | | |
openafs-ptserver-overflow(82585) | | | |