GLSA-201404-05 : OpenAFS: Multiple vulnerabilities

Critical Nessus Plugin ID 73394


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details.
Impact :

An attacker could potentially execute arbitrary code with the permissions of the user running the AFS server, cause a Denial of Service condition, or gain access to sensitive information. Additionally, an attacker could compromise a cell’s private key, allowing them to impersonate any user in the cell.
Workaround :

There is no known workaround at this time.


All OpenAFS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/openafs-1.6.5'

See Also

Plugin Details

Severity: Critical

ID: 73394

File Name: gentoo_GLSA-201404-05.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2014/04/08

Modified: 2016/11/11

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:openafs, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/04/07

Reference Information

CVE: CVE-2009-1250, CVE-2009-1251, CVE-2011-0430, CVE-2011-0431, CVE-2013-1794, CVE-2013-1795, CVE-2013-4134, CVE-2013-4135

BID: 34404, 34407, 46428, 58299, 58300, 61438, 61439

OSVDB: 55273, 55274, 72522, 72523, 90866, 90874, 95637, 95811

GLSA: 201404-05

CWE: 119, 189