[OpenAFS] Re: [OpenAFS-announce] OpenAFS Security Advisory 2007-003: denial of service in OpenAFS fileserver
Noah Meyerhans
noahm@csail.mit.edu
Mon, 7 Jan 2008 21:43:02 -0500
--MGYHOYXEY6WxJCY8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Dec 20, 2007 at 05:00:14PM -0500, Derrick J Brashear wrote:
> OpenAFS Security Advisory 2007-003
>=20
> Topic: denial of service in OpenAFS fileserver
>=20
> Issued: 20-Dev-2007
> Last Update: 21-Dec-2007
> Affected: OpenAFS 1.3.50 - 1.4.5, OpenAFS 1.5.0 - 1.5.27
>=20
> A user with network access can attack a fileserver via a race condition a=
nd
> cause it to crash.
MITRE has just assigned CVE-2007-6599 for this bug. See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2007-6599 and
http://cve.mitre.org/ for more info. It would be nice if you could add
this CVE identifier to your web page about this issue, and possibly
mention it in the OpenAFS changelog. It helps end users and
distributors to confirm that they're all talking about the same bug.
Thanks.
noah
--=20
Noah Meyerhans System Administrator
MIT Computer Science and Artificial Intelligence Laboratory
--MGYHOYXEY6WxJCY8
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHguM2YrVLjBFATsMRAjboAJwNAD190Q5sBnL0pNUE8CCAjYaidwCfRqVJ
vqaDjOwLPbH4LfJyUWYDgyk=
=FGz6
-----END PGP SIGNATURE-----
--MGYHOYXEY6WxJCY8--