CVE-2007-6599

Publication date 4 January 2008

Last updated 24 July 2024

Ubuntu priority

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openafs	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 1.4.1-2+ubuntu0.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openafs	Upstream: http://dl.openafs.org/dl/openafs/1.4.6/openafs-1.4.6-src.diff.gz

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6599