GLSA-200801-04 : OpenAFS: Denial of Service
Medium Nessus Plugin ID 29908
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200801-04 (OpenAFS: Denial of Service)
Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists.
A remote attacker could construct cases which trigger the race condition, resulting in a server crash.
There is no known workaround at this time.
SolutionAll OpenAFS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/openafs-1.4.6'