Family: Debian Local Security Checks --> Category: infos
[DSA142] DSA-142-1 openafs Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
An integer overflow bug has been discovered in the RPC library used by
the OpenAFS database server, which is derived from the SunRPC library.
This bug could be exploited to crash certain OpenAFS servers
(volserver, vlserver, ptserver, buserver) or to obtain unauthorized
root access to a host running one of these processes. No exploits are
known to exist yet.
This problem has been fixed in version 1.2.3final2-6 for the current
stable distribution (woody) and in version 1.2.6-1 for the unstable
distribution (sid). Debian 2.2 (potato) is not affected since it
doesn't contain OpenAFS packages.
OpenAFS is only available for the architectures alpha, i386, powerpc,
s390, sparc. Hence, we only provide fixed packages for these
We recommend that you upgrade your openafs packages.
Solution : http://www.debian.org/security/2002/dsa-142
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.