CVE-2015-7763
Published: 6 November 2015
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Priority
Status
Package | Release | Status |
---|---|---|
openafs (Launchpad, Ubuntu, Debian) | precise | Released (1.6.1-1+ubuntu0.7) |
openafs | trusty | Released (1.6.7-1ubuntu1.1) |
openafs | upstream | Released (1.6.15-1) |
openafs | vivid | Ignored (end of life) |
openafs | wily | Ignored (end of life) |
openafs | xenial | Not vulnerable (1.6.15-1) |

Patches:
upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.master.patch
upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.1.6.patch