CVE-2014-2852

Published: 14 April 2014

OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.

Priority

Status

Package	Release	Status
openafs Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable (1.6.1-1+ubuntu0.4)
	quantal	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Does not exist (trusty was not-affected [1.6.7-1])
	upstream	Released (1.6.7-1)
	utopic	Not vulnerable (1.6.7-1)
	vivid	Not vulnerable (1.6.7-1)

References

http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog
http://www.debian.org/security/2014/dsa-2899
https://www.cve.org/CVERecord?id=CVE-2014-2852
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.