SB2011021902 - Multiple vulnerabilities in OpenAFS

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Resource management error (CVE-ID: CVE-2011-0430)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.

2) Input validation error (CVE-ID: CVE-2011-0431)

The vulnerability allows attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service via unknown vectors.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• http://secunia.com/advisories/43371
• http://secunia.com/advisories/43407
• http://www.debian.org/security/2011/dsa-2168
• http://www.securityfocus.com/bid/46428
• http://www.securitytracker.com/id?1025095
• http://www.vupen.com/english/advisories/2011/0410
• http://www.vupen.com/english/advisories/2011/0411