OpenAFS CVE-2013-1794 Buffer Overflow Vulnerability

Bugtraq ID:	58299
Class:	Boundary Condition Error
CVE:	CVE-2013-1794
Remote:	Yes
Local:	No
Published:	Mar 04 2013 12:00AM
Updated:	Dec 16 2014 12:54AM
Credit:	Nickolai Zeldovich
Vulnerable:	OpenAFS OpenAFS 1.5.9 OpenAFS OpenAFS 1.5.8 OpenAFS OpenAFS 1.5.7 OpenAFS OpenAFS 1.5.6 OpenAFS OpenAFS 1.5.5 OpenAFS OpenAFS 1.5.4 OpenAFS OpenAFS 1.5.3 OpenAFS OpenAFS 1.5.2 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64
Not Vulnerable:

OpenAFS CVE-2013-1794 Buffer Overflow Vulnerability

OpenAFS is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into a fixed-length buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the application.

Versions prior to OpenAFS 1.6.2 are vulnerable.

OpenAFS CVE-2013-1794 Buffer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

OpenAFS CVE-2013-1794 Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

OpenAFS CVE-2013-1794 Buffer Overflow Vulnerability

References:

• OpenAFS Homepage (OpenAFS)