Skip to main content

Openafs CVE-2015-3286

MEDIUM
Buffer Overflow (CWE-119)
2015-08-12 secalert@redhat.com
4.6
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Aug 12, 2015 - 14:59 cve.org
MEDIUM 4.6

DescriptionCVE.org

Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.

AnalysisAI

Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG. Affected products include: Openafs. Version information: before 1.6.13.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2018-16947 CRITICAL
9.8 Sep 12

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated critical severity (CVSS 9.8), this vulner

CVE-2024-10394 HIGH
8.4 Nov 14

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing th

CVE-2015-8312 HIGH
7.8 May 13

Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory o

CVE-2017-17432 HIGH
7.5 Dec 06

OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of

CVE-2024-10397 HIGH
7.7 Nov 14

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

CVE-2019-18602 HIGH
7.5 Oct 29

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized s

CVE-2019-18601 HIGH
7.5 Oct 29

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote

CVE-2018-16949 HIGH
7.5 Sep 12

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2018-16948 HIGH
7.5 Sep 12

An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Rated high severity (CVSS 7.5), this vulnerabil

CVE-2013-1794 MEDIUM
6.5 Mar 14

Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial

CVE-2015-3283 MEDIUM
6.8 Aug 12

OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. Rated medium severity (CVSS

CVE-2016-2860 MEDIUM
6.5 May 13

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerb

Share

CVE-2015-3286 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy