漏洞信息详情
OpenAFS竞争条件漏洞
- CNNVD编号:CNNVD-200801-032
- 危害等级: 低危
- CVE编号: CVE-2007-6599
- 漏洞类型: 竞争条件
- 发布时间: 2007-12-20
- 威胁类型: 远程
- 更新时间: 2008-01-03
- 厂 商: openafs
- 漏洞来源: Derrick J Brashear...
漏洞简介
OpenAFS是一套分布式文件系统,它允许系统之间通过局域网和广域网来分享档案和资源。 OpenAFS的文件服务器中存在竞争条件错误,远程攻击者可能利用此漏洞导致程序崩溃。 如果远程攻击者同时请求并返回文件回调的话,GiveUpAllCallBacks RPC的处理器就会未经host_glock锁定便执行链表操作,导致守护程序崩溃。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: MandrakeSoft Linux Mandrake 2008.0 x86_64 Mandriva dkms-libafs-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-devel-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ MandrakeSoft Linux Mandrake 2008.0 Mandriva dkms-libafs-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-devel-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ MandrakeSoft Linux Mandrake 2007.1 Mandriva dkms-libafs-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-devel-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ MandrakeSoft Linux Mandrake 2007.1 x86_64 Mandriva dkms-libafs-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-devel-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/
参考网址
来源: www.openafs.org 链接:http://www.openafs.org/security/OPENAFS-SA-2007-003.txt 来源: MANDRIVA 名称: MDVSA-2008:207 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:207 来源: MLIST 名称: [OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver 链接:http://lists.openafs.org/pipermail/openafs-announce/2007/000220.HTML 来源: BID 名称: 27132 链接:http://www.securityfocus.com/bid/27132 来源: SUSE 名称: SUSE-SR:2008:002 链接:http://www.novell.com/linux/security/advisories/suse_security_summary_report.HTML 来源: VUPEN 名称: ADV-2008-0046 链接:http://www.frsirt.com/english/advisories/2008/0046 来源: DEBIAN 名称: DSA-1458 链接:http://www.debian.org/security/2008/dsa-1458 来源: GENTOO 名称: GLSA-200801-04 链接:http://security.gentoo.org/glsa/glsa-200801-04.xml 来源: SECUNIA 名称: 28636 链接:http://secunia.com/advisories/28636 来源: SECUNIA 名称: 28433 链接:http://secunia.com/advisories/28433 来源: SECUNIA 名称: 28401 链接:http://secunia.com/advisories/28401 来源: SECUNIA 名称: 28327 链接:http://secunia.com/advisories/28327 来源:NSFOCUS 名称:11347 链接:http://www.nsfocus.net/vulndb/11347
受影响实体
- Openafs Openafs:1.5.27
- Openafs Openafs:1.4.5
- Openafs Openafs:1.3.5
补丁
暂无
评论