Openafs
CVE-2013-1794
MEDIUM
Severity by source
AV:N/AC:L/Au:S/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.
AnalysisAI
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry. Affected products include: Openafs. Version information: before 1.6.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated critical severity (CVSS 9.8), this vulner
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing th
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory o
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of
A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized s
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerabil
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerabil
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. Rated medium severity (CVSS
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerb
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, pos
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today