Vulnerabilities > CVE-2013-1795 - Numeric Errors vulnerability in Openafs
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201404-05.NASL description The remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact : An attacker could potentially execute arbitrary code with the permissions of the user running the AFS server, cause a Denial of Service condition, or gain access to sensitive information. Additionally, an attacker could compromise a cell’s private key, allowing them to impersonate any user in the cell. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 73394 published 2014-04-08 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/73394 title GLSA-201404-05 : OpenAFS: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201404-05. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(73394); script_version("1.6"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2009-1250", "CVE-2009-1251", "CVE-2011-0430", "CVE-2011-0431", "CVE-2013-1794", "CVE-2013-1795", "CVE-2013-4134", "CVE-2013-4135"); script_bugtraq_id(34404, 34407, 46428, 58299, 58300, 61438, 61439); script_xref(name:"GLSA", value:"201404-05"); script_name(english:"GLSA-201404-05 : OpenAFS: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact : An attacker could potentially execute arbitrary code with the permissions of the user running the AFS server, cause a Denial of Service condition, or gain access to sensitive information. Additionally, an attacker could compromise a cell’s private key, allowing them to impersonate any user in the cell. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201404-05" ); script_set_attribute( attribute:"solution", value: "All OpenAFS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/openafs-1.6.5'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openafs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-fs/openafs", unaffected:make_list("ge 1.6.5"), vulnerable:make_list("lt 1.6.5"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenAFS"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-244.NASL description Multiple vulnerabilities has been found and corrected in openafs : Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry (CVE-2013-1794). Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow (CVE-2013-1795). OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key (CVE-2013-4134). The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4135). Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument (CVE-2014-0159). A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior (CVE-2014-3660). The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79989 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79989 title Mandriva Linux Security Advisory : openafs (MDVSA-2014:244) NASL family Scientific Linux Local Security Checks NASL id SL_20130304_OPENAFS_ON_SL5_X.NASL description By carefully crafting an ACL entry an attacker may overflow fixed length buffers within the OpenAFS fileserver, crashing the fileserver, and potentially permitting the execution of arbitrary code. To perform the exploit, the attacker must already have permissions to create ACLs on the fileserver in question. Once such an ACL is present on a fileserver, client utilities such as last seen 2020-03-18 modified 2013-03-05 plugin id 65021 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65021 title Scientific Linux Security Update : openafs on SL5.x SL6.x i386/x86_64 (20130304) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2638.NASL description Multiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code. Further information is available at http://www.openafs.org/security. last seen 2020-03-17 modified 2013-03-05 plugin id 64996 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64996 title Debian DSA-2638-1 : openafs - buffer overflow
References
- http://secunia.com/advisories/52342
- http://secunia.com/advisories/52480
- http://www.debian.org/security/2013/dsa-2638
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
- http://www.openafs.org/pages/security/OPENAFS-SA-2013-002.txt
- http://www.securityfocus.com/bid/58300
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82585