OpenAFS: Denial of Service — GLSA 200801-04

A Denial of Service vulnerability has been discovered in OpenAFS.

Affected Packages

net-fs/openafs on all architectures
Affected versions < 1.4.6
Unaffected versions >= 1.4.6

Background

OpenAFS is a distributed network filesystem.

Description

Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists.

Impact

A remote attacker could construct cases which trigger the race condition, resulting in a server crash.

Workaround

There is no known workaround at this time.

Resolution

All OpenAFS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-fs/openafs-1.4.6"

References

Release Date
January 09, 2008

Latest Revision
January 09, 2008: 01

Severity
normal

Exploitable
remote

Bugzilla entries