CVE

CVE-2015-7762
Date: (C)2015-12-15   (M)2023-12-22


rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1034039
DSA-3387
https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt

CPE    30
cpe:/a:openafs:openafs:1.7.28
cpe:/a:openafs:openafs:1.7.29
cpe:/a:openafs:openafs:1.7.24
cpe:/a:openafs:openafs:1.7.8
...
CWE    1
CWE-200
OVAL    2
oval:org.secpod.oval:def:602261
oval:org.secpod.oval:def:31676

© SecPod Technologies