Описание
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openafs | fixed | 1.8.5-1 | package | |
| openafs | no-dsa | buster | package | |
| openafs | no-dsa | stretch | package |
Примечания
http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
https://www.openafs.org/pages/security/openafs-sa-2019-003-stable16.patch (openafs-stable-1_6_24)
https://www.openafs.org/pages/security/openafs-sa-2019-003-stable18.patch (openafs-stable-1_8_5)
EPSS
Связанные уязвимости
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
EPSS