FreeBSD : openafs -- multiple vulnerabilities (bcbd3fe0-2b46-11e6-ae88-002590263bf5)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The OpenAFS development team reports :

Foreign users can bypass access controls to create groups as
system:administrators, including in the user namespace and the system:
namespace.

The contents of uninitialized memory are sent on the wire when clients
perform certain RPCs. Depending on the RPC, the information leaked may
come from kernel memory or userspace.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209534
http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
http://www.nessus.org/u?c907ac2b

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91477

Bugtraq ID:

CVE ID: CVE-2016-2860
CVE-2016-4536
