Vulnerability CVE-2016-2860
Published: 2016-05-13

Description:
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Openafs -> Openafs 
Debian -> Debian linux 

 References:
https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17
https://lists.openafs.org/pipermail/openafs-announce/2016/000496.html
http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
http://www.debian.org/security/2016/dsa-3569
http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0
Copyright 2024, cxsecurity.com

 

Back to Top