CVE-2015-7762

Published: 06 November 2015

rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Priority

Medium

Status

Package: openafs (Launchpad, Ubuntu, Debian)

Release: Upstream
Status: Released (1.6.15-1)

Release: Ubuntu 16.04 ESM (Xenial Xerus)
Status: Not vulnerable (1.6.15-1)

Release: Ubuntu 14.04 ESM (Trusty Tahr)
Status: Does not exist (trusty was released [1.6.7-1ubuntu1.1])

Patches:
Upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.master.patch
Upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.1.6.patch