Your submission was sent successfully! Close

CVE-2015-7763

Published: 06 November 2015

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Priority

Medium

Status

Package Release Status
openafs
Launchpad, Ubuntu, Debian
Upstream
Released (1.6.15-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1.6.15-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.6.7-1ubuntu1.1])
Patches:
Upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.master.patch
Upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.1.6.patch