CVE-2015-3285

Published: 12 August 2015

The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.

Priority

Medium

Status

Package: openafs (Launchpad, Ubuntu, Debian)
Release status:
Upstream: Released (1.6.13)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (1.6.15-1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [1.6.7-1ubuntu1.1])
Patches:
Upstream: http://www.openafs.org/pages/security/openafs-sa-2015-004.patch