Launchpad.net

CVE 2009-1251

Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.

Related bugs and status

CVE-2009-1251 (Candidate) is related to these bugs:

Bug #356861: OpenAFS Security Advisories 2009-001 and 2009-002

		In	Importance	Status
356861	OpenAFS Security Advisories 2009-001 and 2009-002	openafs (Ubuntu)	Undecided	Fix Released
356861	OpenAFS Security Advisories 2009-001 and 2009-002	openafs (Ubuntu Dapper)	Undecided	Fix Released
356861	OpenAFS Security Advisories 2009-001 and 2009-002	openafs (Ubuntu Hardy)	Undecided	Fix Released
356861	OpenAFS Security Advisories 2009-001 and 2009-002	openafs (Ubuntu Jaunty)	Undecided	Fix Released
356861	OpenAFS Security Advisories 2009-001 and 2009-002	openafs (Ubuntu Intrepid)	Undecided	Fix Released

Bug #364426: Openafs hard codes version number in debian/rules

Summary				In	Importance	Status
	364426	Openafs hard codes version number in debian/rules		openafs (Ubuntu)	Undecided	Fix Released

Bug #370458: Merge openafs 1.4.10+dfsg1-1 from Deban

Summary				In	Importance	Status
	370458	Merge openafs 1.4.10+dfsg1-1 from Deban		openafs (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.openafs.org...
CONFIRM: http://www.openafs.org...
BID: 34407
DEBIAN: DSA-1768
SECUNIA: 34655
SECUNIA: 34684
VUPEN: ADV-2009-0984
MANDRIVA: MDVSA-2009:099
SECUNIA: 42896
VUPEN: ADV-2011-0117
GENTOO: GLSA-201101-05