OpenAFS CVE-2013-1795 Remote Integer Overflow Vulnerability

Bugtraq ID:	58300
Class:	Boundary Condition Error
CVE:	CVE-2013-1795
Remote:	Yes
Local:	No
Published:	Mar 04 2013 12:00AM
Updated:	Dec 16 2014 12:54AM
Credit:	Nickolai Zeldovich
Vulnerable:	OpenAFS OpenAFS 1.5.9 OpenAFS OpenAFS 1.5.8 OpenAFS OpenAFS 1.5.7 OpenAFS OpenAFS 1.5.6 OpenAFS OpenAFS 1.5.5 OpenAFS OpenAFS 1.5.4 OpenAFS OpenAFS 1.5.3 OpenAFS OpenAFS 1.5.2 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64
Not Vulnerable:

OpenAFS CVE-2013-1795 Remote Integer Overflow Vulnerability

OpenAFS is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the application.

Versions prior to OpenAFS 1.6.2 are vulnerable.

OpenAFS CVE-2013-1795 Remote Integer Overflow Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

OpenAFS CVE-2013-1795 Remote Integer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

OpenAFS CVE-2013-1795 Remote Integer Overflow Vulnerability

References:

• OpenAFS Homepage (OpenAFS)