GLSA-201404-05 : OpenAFS: Multiple vulnerabilities

critical Nessus Plugin ID 73394

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details.

Impact:

An attacker could potentially execute arbitrary code with the permissions of the user running the AFS server, cause a Denial of Service condition, or gain access to sensitive information. Additionally, an attacker could compromise a cell’s private key, allowing them to impersonate any user in the cell.

Workaround:

There is no known workaround at this time.

Solution

All OpenAFS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-fs/openafs-1.6.5'

See Also

https://security.gentoo.org/glsa/201404-05

Plugin Details

Severity: Critical

ID: 73394

File Name: gentoo_GLSA-201404-05.nasl

Version: 1.8

Type: local

Published: 4/8/2014

Updated: 1/6/2021

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:openafs, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/7/2014

Reference Information

CVE: CVE-2009-1250, CVE-2009-1251, CVE-2011-0430, CVE-2011-0431, CVE-2013-1794, CVE-2013-1795, CVE-2013-4134, CVE-2013-4135

BID: 34404, 34407, 46428, 58299, 58300, 61438, 61439

GLSA: 201404-05

CWE: 119, 189