OpenAFS Sensitive Information Disclosure Vulnerabilities

Summary

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Credit:

The information has been provided by John Stumpo.


Details

Vulnerable Systems:
 * OpenAFS before 1.6.15 and 1.7.x before 1.7.33

Immune Systems:
 * OpenAFS after 1.6.15 and 1.7.x after 1.7.33

OpenAFS is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain portions of the plaintext of arbitrary encrypted packets by replaying them against the original recipient and observing the responding ACK packet. This may aid in further attacks.
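The class of bug described above, as an added example that is not OpenAFS code: an ACK is built in a reused buffer with its trailing padding left unwritten, next to the version that zeroes it. The packet layout, sizes, sample data and function names are assumptions made for illustration, not the Rx wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8 /* assumed header size, not the real Rx layout */
#define PAD_LEN 4 /* assumed size of the trailing padding */

/* Fill the buffer as if it had previously held decrypted packet data. */
static void simulate_prior_use(uint8_t *buf, size_t len) {
    static const char stale[] = "PREVIOUS-PACKET-PLAINTEXT"; /* constructed */
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)stale[i % (sizeof stale - 1)];
}

/* Build an ACK in buf. Returns the number of bytes that would be sent,
 * or 0 if the buffer is too small. zero_padding selects the hardened path. */
static size_t build_ack(uint8_t *buf, size_t cap, const uint8_t *acks,
                        size_t nacks, int zero_padding) {
    size_t total = HDR_LEN + nacks + PAD_LEN;
    if (nacks > 255 || total > cap)
        return 0;
    memset(buf, 0, HDR_LEN);
    buf[0] = 2;              /* hypothetical "ACK" type marker */
    buf[1] = (uint8_t)nacks; /* number of ack entries that follow */
    memcpy(buf + HDR_LEN, acks, nacks);
    if (zero_padding)        /* the fix: initialize the padding before sending */
        memset(buf + HDR_LEN + nacks, 0, PAD_LEN);
    return total;
}

/* Count padding bytes that still carry data from the buffer's earlier use. */
static size_t stale_padding_bytes(const uint8_t *pkt, size_t total) {
    size_t n = 0;
    for (size_t i = total - PAD_LEN; i < total; i++)
        if (pkt[i] != 0) n++;
    return n;
}

/* Build one ACK in a dirty buffer and report how many stale bytes it carries. */
size_t demo(int zero_padding) {
    uint8_t buf[64];
    const uint8_t acks[5] = {1, 1, 0, 1, 1}; /* constructed ack entries */
    simulate_prior_use(buf, sizeof buf);
    size_t total = build_ack(buf, sizeof buf, acks, sizeof acks, zero_padding);
    return total ? stale_padding_bytes(buf, total) : 0;
}

int main(void) {
    printf("uninitialized padding: %zu stale bytes\n", demo(0));
    printf("zeroed padding:        %zu stale bytes\n", demo(1));
    return 0;
}
```

The same check, applied to captured ACKs from a patched peer, should always report zero non-zero padding bytes.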

CVE Information:
CVE-2015-7763

Disclosure Timeline:
Original release date: 11/06/2015
Last revised: 11/09/2015
