From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-201101-05.xml | 69 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 metadata/glsa/glsa-201101-05.xml (limited to 'metadata/glsa/glsa-201101-05.xml') diff --git a/metadata/glsa/glsa-201101-05.xml b/metadata/glsa/glsa-201101-05.xml new file mode 100644 index 000000000000..45499a8bad44 --- /dev/null +++ b/metadata/glsa/glsa-201101-05.xml @@ -0,0 +1,69 @@ + + + + OpenAFS: Arbitrary code execution + + The cache manager of OpenAFS contains several bugs resulting in remote + execution of arbitrary code. + + OpenAFS + 2011-01-16 + 2011-01-16: 01 + 265538 + remote + + + 1.4.9 + 1.4.9 + + + +

+ OpenAFS is a distributed file system. +

+ + +

+ Two vulnerabilities were discovered: +

+
  • + Simon Wilkinson discovered from a bug report by Toby Blake that the + cache manager of OpenAFS contains a heap-based buffer overflow which is + related to the use of the ERR_PTR macro (CVE-2009-1250).
    • +
  • A + pointer dereference bug when using XDR arrays was discovered by Simon + Wilkinson, with assistance from Derrick Brashear and Jeffrey Altman. + (CVE-2009-1251).
    • +
+ + +

+ The vulnerabilities might allow remote unauthenticated attackers to + cause a Denial of Service (system crash) and possibly execute arbitrary + code. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All OpenAFS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.9" + + + CVE-2009-1250 + CVE-2009-1251 + + + craig + + + p-y + + -- cgit v1.2.3