OpenAFS竞争条件漏洞

admin
admin
admin
0
文章
0
评论
2022-07-19 10:23:49 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

OpenAFS竞争条件漏洞

  • CNNVD编号:CNNVD-200801-032
  • 危害等级: 低危
  • CVE编号: CVE-2007-6599
  • 漏洞类型: 竞争条件
  • 发布时间: 2007-12-20
  • 威胁类型: 远程
  • 更新时间: 2008-01-03
  • 厂        商: openafs
  • 漏洞来源: Derrick J Brashear...

漏洞简介

OpenAFS是一套分布式文件系统,它允许系统之间通过局域网和广域网来分享档案和资源。 OpenAFS的文件服务器中存在竞争条件错误,远程攻击者可能利用此漏洞导致程序崩溃。 如果远程攻击者同时请求并返回文件回调的话,GiveUpAllCallBacks RPC的处理器就会未经host_glock锁定便执行链表操作,导致守护程序崩溃。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: MandrakeSoft Linux Mandrake 2008.0 x86_64 Mandriva dkms-libafs-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-devel-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.4-8.2mdv2008.0.x86_64.rpm http://www.mandriva.com/en/download/ MandrakeSoft Linux Mandrake 2008.0 Mandriva dkms-libafs-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-devel-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.4-8.2mdv2008.0.i586.rpm http://www.mandriva.com/en/download/ MandrakeSoft Linux Mandrake 2007.1 Mandriva dkms-libafs-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva libopenafs1-devel-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.2-3.1mdv2007.1.i586.rpm http://www.mandriva.com/en/download/ MandrakeSoft Linux Mandrake 2007.1 x86_64 Mandriva dkms-libafs-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva lib64openafs1-devel-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-client-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-doc-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/ Mandriva openafs-server-1.4.2-3.1mdv2007.1.x86_64.rpm http://www.mandriva.com/en/download/

参考网址

来源: www.openafs.org 链接:http://www.openafs.org/security/OPENAFS-SA-2007-003.txt 来源: MANDRIVA 名称: MDVSA-2008:207 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:207 来源: MLIST 名称: [OpenAFS-announce] 20071220 OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver 链接:http://lists.openafs.org/pipermail/openafs-announce/2007/000220.HTML 来源: BID 名称: 27132 链接:http://www.securityfocus.com/bid/27132 来源: SUSE 名称: SUSE-SR:2008:002 链接:http://www.novell.com/linux/security/advisories/suse_security_summary_report.HTML 来源: VUPEN 名称: ADV-2008-0046 链接:http://www.frsirt.com/english/advisories/2008/0046 来源: DEBIAN 名称: DSA-1458 链接:http://www.debian.org/security/2008/dsa-1458 来源: GENTOO 名称: GLSA-200801-04 链接:http://security.gentoo.org/glsa/glsa-200801-04.xml 来源: SECUNIA 名称: 28636 链接:http://secunia.com/advisories/28636 来源: SECUNIA 名称: 28433 链接:http://secunia.com/advisories/28433 来源: SECUNIA 名称: 28401 链接:http://secunia.com/advisories/28401 来源: SECUNIA 名称: 28327 链接:http://secunia.com/advisories/28327 来源:NSFOCUS 名称:11347 链接:http://www.nsfocus.net/vulndb/11347

受影响实体

  • Openafs Openafs:1.5.27  
  • Openafs Openafs:1.4.5  
  • Openafs Openafs:1.3.5  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
OpenAFS竞争条件漏洞 CNNVD漏洞

OpenAFS竞争条件漏洞

漏洞信息详情OpenAFS竞争条件漏洞CNNVD编号:CNNVD-200801-032危害等级: 低危CVE编号:CVE-2007-6599漏洞类型:竞争条件发布时间:2007
07-190 评论
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0