CVE-2015-7762
Published: 6 November 2015
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
Priority
Status
Package | Release | Status |
---|---|---|
openafs Launchpad, Ubuntu, Debian |
precise |
Released
(1.6.1-1+ubuntu0.7)
|
trusty |
Released
(1.6.7-1ubuntu1.1)
|
|
upstream |
Released
(1.6.15-1)
|
|
xenial |
Not vulnerable
(1.6.15-1)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
Patches: upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.master.patch upstream: https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.1.6.patch |