OpenAFS Sensitive Information Disclosure Vulnerabilities


rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.


The information has been provided by John Stumpo.


Vulnerable Systems:
 * OpenAFS before 1.6.15 and 1.7.x before 1.7.33

Immune Systems:
 * OpenAFS 1.6.15 and later, and 1.7.x 1.7.33 and later

OpenAFS is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain portions of the plaintext of arbitrary encrypted packets by replaying them against the original recipient and observing the responding ACK packet. This may aid in further attacks.
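The class of bug described above, as an added example that is not OpenAFS code: a simplified model in which an ACK is serialized into a reused packet buffer and its trailing padding is either left untouched (the flaw) or zeroed (the fix). The ACK layout, sizes, function names and buffer contents are all constructed for illustration and do not reflect the real Rx wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PKT_SIZE 64  /* constructed: size of a reused packet buffer */
#define ACK_PAD  3   /* constructed: padding bytes at the end of the ACK */

/* Serialize a toy ACK into buf and return the number of bytes that would be
 * sent. zero_pad == 0 models the flaw: the padding keeps whatever the buffer
 * held before. zero_pad == 1 models the fix. */
static size_t build_ack(uint8_t *buf, uint32_t first, uint32_t serial,
                        uint8_t reason, int zero_pad)
{
    size_t off = 0;
    memcpy(buf + off, &first, sizeof first);   off += sizeof first;
    memcpy(buf + off, &serial, sizeof serial); off += sizeof serial;
    buf[off++] = reason;
    if (zero_pad)
        memset(buf + off, 0, ACK_PAD);
    off += ACK_PAD;  /* the padding is transmitted either way */
    return off;
}

/* Count padding bytes in the outgoing ACK that still carry stale data. */
static size_t stale_bytes_in_ack(int zero_pad)
{
    /* Constructed stand-in for decrypted data left in the buffer. */
    static const char stale[] = "constructed-plaintext-payload";
    uint8_t buf[PKT_SIZE] = {0};
    size_t len, i, leaked = 0;

    memcpy(buf, stale, sizeof stale);
    len = build_ack(buf, 1, 42, 2, zero_pad);
    for (i = len - ACK_PAD; i < len; i++)
        if (buf[i] != 0 && buf[i] == (uint8_t)stale[i])
            leaked++;
    return leaked;
}

int main(void)
{
    printf("padding left as-is: %zu stale bytes\n", stale_bytes_in_ack(0));
    printf("padding zeroed:     %zu stale bytes\n", stale_bytes_in_ack(1));
    return 0;
}
```

The same check, applied to captured ACKs in a test harness, gives a quick regression test: any non-zero padding byte in an outgoing packet indicates the buffer was not cleared.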

CVE Information:

Disclosure Timeline:
Original release date: 11/06/2015
Last revised: 11/09/2015
