CVE-2013-1794

Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/52342	Vendor Advisory
http://secunia.com/advisories/52480	Vendor Advisory
http://www.debian.org/security/2013/dsa-2638
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
http://www.openafs.org/pages/security/OPENAFS-SA-2013-001.txt	Vendor Advisory
http://www.securityfocus.com/bid/58299
https://exchange.xforce.ibmcloud.com/vulnerabilities/82582

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openafs:openafs::::::::
	cpe:2.3:a:openafs:openafs:1.5.10:::::::*
	cpe:2.3:a:openafs:openafs:1.5.11:::::::*
	cpe:2.3:a:openafs:openafs:1.5.12:::::::*
	cpe:2.3:a:openafs:openafs:1.5.13:::::::*
	cpe:2.3:a:openafs:openafs:1.5.14:::::::*
	cpe:2.3:a:openafs:openafs:1.5.15:::::::*
	cpe:2.3:a:openafs:openafs:1.5.16:::::::*
	cpe:2.3:a:openafs:openafs:1.5.17:::::::*
	cpe:2.3:a:openafs:openafs:1.5.18:::::::*
	cpe:2.3:a:openafs:openafs:1.5.19:::::::*
	cpe:2.3:a:openafs:openafs:1.5.20:::::::*
	cpe:2.3:a:openafs:openafs:1.5.21:::::::*
	cpe:2.3:a:openafs:openafs:1.5.22:::::::*
	cpe:2.3:a:openafs:openafs:1.5.23:::::::*
	cpe:2.3:a:openafs:openafs:1.5.24:::::::*
	cpe:2.3:a:openafs:openafs:1.5.25:::::::*
	cpe:2.3:a:openafs:openafs:1.5.26:::::::*
	cpe:2.3:a:openafs:openafs:1.5.27:::::::*
	cpe:2.3:a:openafs:openafs:1.5.28:::::::*
	cpe:2.3:a:openafs:openafs:1.5.29:::::::*
	cpe:2.3:a:openafs:openafs:1.5.30:::::::*
	cpe:2.3:a:openafs:openafs:1.5.31:::::::*
	cpe:2.3:a:openafs:openafs:1.5.32:::::::*
	cpe:2.3:a:openafs:openafs:1.5.33:::::::*
	cpe:2.3:a:openafs:openafs:1.5.34:::::::*
	cpe:2.3:a:openafs:openafs:1.5.35:::::::*
	cpe:2.3:a:openafs:openafs:1.5.36:::::::*
	cpe:2.3:a:openafs:openafs:1.5.37:::::::*
	cpe:2.3:a:openafs:openafs:1.5.38:::::::*
	cpe:2.3:a:openafs:openafs:1.5.39:::::::*
	cpe:2.3:a:openafs:openafs:1.5.50:::::::*
	cpe:2.3:a:openafs:openafs:1.5.51:::::::*
	cpe:2.3:a:openafs:openafs:1.5.52:::::::*
	cpe:2.3:a:openafs:openafs:1.5.53:::::::*
	cpe:2.3:a:openafs:openafs:1.5.54:::::::*
	cpe:2.3:a:openafs:openafs:1.5.55:::::::*
	cpe:2.3:a:openafs:openafs:1.5.56:::::::*
	cpe:2.3:a:openafs:openafs:1.5.57:::::::*
	cpe:2.3:a:openafs:openafs:1.5.58:::::::*
	cpe:2.3:a:openafs:openafs:1.5.59:::::::*
	cpe:2.3:a:openafs:openafs:1.5.60:::::::*
	cpe:2.3:a:openafs:openafs:1.5.61:::::::*
	cpe:2.3:a:openafs:openafs:1.5.62:::::::*
	cpe:2.3:a:openafs:openafs:1.5.63:::::::*
	cpe:2.3:a:openafs:openafs:1.5.64:::::::*
	cpe:2.3:a:openafs:openafs:1.5.65:::::::*
	cpe:2.3:a:openafs:openafs:1.5.66:::::::*
	cpe:2.3:a:openafs:openafs:1.5.67:::::::*
	cpe:2.3:a:openafs:openafs:1.5.68:::::::*
	cpe:2.3:a:openafs:openafs:1.5.69:::::::*
	cpe:2.3:a:openafs:openafs:1.5.70:::::::*
	cpe:2.3:a:openafs:openafs:1.5.71:::::::*
	cpe:2.3:a:openafs:openafs:1.5.72:::::::*
	cpe:2.3:a:openafs:openafs:1.5.73:::::::*
	cpe:2.3:a:openafs:openafs:1.5.74:::::::*
	cpe:2.3:a:openafs:openafs:1.5.75:::::::*
	cpe:2.3:a:openafs:openafs:1.5.76:::::::*
	cpe:2.3:a:openafs:openafs:1.5.77:::::::*
	cpe:2.3:a:openafs:openafs:1.5.78:::::::*
	cpe:2.3:a:openafs:openafs:1.6.0:::::::*

History

No history.

Information

Published : 2013-03-14 03:13

Updated : 2024-02-04 18:16

NVD link : CVE-2013-1794

Mitre link : CVE-2013-1794

CVE.ORG link : CVE-2013-1794

JSON object : View

Products Affected

openafs

openafs

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.5 /10