OpenAFS FetchStatus Reply Privilege Escalation Vulnerability

Bugtraq ID:	23060
Class:	Design Error
CVE:	CVE-2007-1507
Remote:	No
Local:	Yes
Published:	Mar 20 2007 12:00AM
Updated:	Apr 05 2007 04:02PM
Credit:	Benjamin Bennett from the Pittsburgh Supercomputing Center reported this vulnerability.
Vulnerable:	OpenAFS OpenAFS 1.5.16 OpenAFS OpenAFS 1.5 OpenAFS OpenAFS 1.4.3 OpenAFS OpenAFS 1.3.81 OpenAFS OpenAFS 1.3.2 OpenAFS OpenAFS 1.3.1 OpenAFS OpenAFS 1.3 OpenAFS OpenAFS 1.2.9 OpenAFS OpenAFS 1.2.8 OpenAFS OpenAFS 1.2.7 OpenAFS OpenAFS 1.2.6 OpenAFS OpenAFS 1.2.5 OpenAFS OpenAFS 1.2.4 OpenAFS OpenAFS 1.2.3 + Debian Linux 3.0 OpenAFS OpenAFS 1.2.2 b OpenAFS OpenAFS 1.2.2 a OpenAFS OpenAFS 1.2.2 OpenAFS OpenAFS 1.2.1 OpenAFS OpenAFS 1.2 OpenAFS OpenAFS 1.1.1 a OpenAFS OpenAFS 1.1.1 OpenAFS OpenAFS 1.1 OpenAFS OpenAFS 1.0.4 a OpenAFS OpenAFS 1.0.4 OpenAFS OpenAFS 1.0.3 OpenAFS OpenAFS 1.0.2 OpenAFS OpenAFS 1.0.1 OpenAFS OpenAFS 1.0 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 Gentoo net-fs/openafs 1.4.2 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha
Not Vulnerable:	OpenAFS OpenAFS 1.4.4 Gentoo net-fs/openafs 1.4.4

OpenAFS FetchStatus Reply Privilege Escalation Vulnerability

OpenAFS is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with superuser privileges on the affected computer.

OpenAFS 1.4.3 (and prior versions) and 1.5.0 through 1.5.16 are affected by this vulnerability.

OpenAFS FetchStatus Reply Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

OpenAFS FetchStatus Reply Privilege Escalation Vulnerability

Solution:
The vendor has released fixes to address these issues. Please see the references for more information.


OpenAFS OpenAFS 1.0

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.0.1

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.0.2

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.0.3

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.0.4 a

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.0.4

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.1

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.1.1 a

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.1.1

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.1

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.2

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.2 b

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.2 a

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.3

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.4

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.5

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.6

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.7

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.8

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.2.9

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.3

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.3.1

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.3.2

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.3.81

• Debian libopenafs-dev_1.3.81-3sarge2_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_alpha.deb


• Debian libopenafs-dev_1.3.81-3sarge2_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_amd64.deb


• Debian libopenafs-dev_1.3.81-3sarge2_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_hppa.deb


• Debian libopenafs-dev_1.3.81-3sarge2_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_i386.deb


• Debian libopenafs-dev_1.3.81-3sarge2_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_ia64.deb


• Debian libopenafs-dev_1.3.81-3sarge2_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_powerpc.deb


• Debian libopenafs-dev_1.3.81-3sarge2_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_s390.deb


• Debian libopenafs-dev_1.3.81-3sarge2_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_ 1.3.81-3sarge2_sparc.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_alpha.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_amd64.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_hppa.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_i386.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_ia64.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_powerpc.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_s390.deb


• Debian libpam-openafs-kaserver_1.3.81-3sarge2_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs- kaserver_1.3.81-3sarge2_sparc.deb


• Debian openafs-client_1.3.81-3sarge2_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_alpha.deb


• Debian openafs-client_1.3.81-3sarge2_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_amd64.deb


• Debian openafs-client_1.3.81-3sarge2_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_hppa.deb


• Debian openafs-client_1.3.81-3sarge2_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_i386.deb


• Debian openafs-client_1.3.81-3sarge2_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_ia64.deb


• Debian openafs-client_1.3.81-3sarge2_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_powerpc.deb


• Debian openafs-client_1.3.81-3sarge2_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_s390.deb


• Debian openafs-client_1.3.81-3sarge2_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-client_ 1.3.81-3sarge2_sparc.deb


• Debian openafs-dbserver_1.3.81-3sarge2_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_alpha.deb


• Debian openafs-dbserver_1.3.81-3sarge2_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_amd64.deb


• Debian openafs-dbserver_1.3.81-3sarge2_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_hppa.deb


• Debian openafs-dbserver_1.3.81-3sarge2_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_i386.deb


• Debian openafs-dbserver_1.3.81-3sarge2_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_ia64.deb


• Debian openafs-dbserver_1.3.81-3sarge2_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_powerpc.deb


• Debian openafs-dbserver_1.3.81-3sarge2_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_s390.deb


• Debian openafs-dbserver_1.3.81-3sarge2_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserve r_1.3.81-3sarge2_sparc.deb


• Debian openafs-fileserver_1.3.81-3sarge2_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_alpha.deb


• Debian openafs-fileserver_1.3.81-3sarge2_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_amd64.deb


• Debian openafs-fileserver_1.3.81-3sarge2_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_hppa.deb


• Debian openafs-fileserver_1.3.81-3sarge2_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_i386.deb


• Debian openafs-fileserver_1.3.81-3sarge2_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_ia64.deb


• Debian openafs-fileserver_1.3.81-3sarge2_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_powerpc.deb


• Debian openafs-fileserver_1.3.81-3sarge2_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_s390.deb


• Debian openafs-fileserver_1.3.81-3sarge2_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-fileser ver_1.3.81-3sarge2_sparc.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_alpha.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_amd64.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_hppa.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_hppa.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_i386.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_ia64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_ia64.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_powerpc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_powerpc.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_s390.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_s390.deb


• Debian openafs-kpasswd_1.3.81-3sarge2_sparc.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd _1.3.81-3sarge2_sparc.deb


• Debian openafs-modules-source_1.3.81-3sarge2_all.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/o/openafs/openafs-modules -source_1.3.81-3sarge2_all.deb

OpenAFS OpenAFS 1.4.3

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.5

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS OpenAFS 1.5.16

• OpenAFS OpenAFS Version 1.4.4
  http://www.openafs.org/release/latest.html.

OpenAFS FetchStatus Reply Privilege Escalation Vulnerability

References:

• OpenAFS Homepage (OpenAFS)
  
• OpenAFS Security Advisories (OpenAFS)