[OpenAFS] [OpenAFS-announce] OpenAFS Security Advisory 2009-002
Mon, 6 Apr 2009 23:29:48 +0100
-----BEGIN PGP SIGNED MESSAGE-----
[ A copy of this message, and related patches signed with the OpenAFS
security key is available from the OpenAFS website ]
OpenAFS Security Advisory 2009-002
Topic: Denial of service attack against Linux cache manager
Last Update: 06-Apr-2009
Affected: Linux OpenAFS clients
running versions 1.0 thru 1.4.8 & 1.5.0 thru 1.5.58
An attacker with control of a fileserver, or the ability to forge RX =20
can crash the cache manager, and hence the kernel, of affected Linux AFS
AFS may pass an error code obtained from the fileserver directly to the
Linux kernel, using a Linux mechanism that merges error codes and =20
into a single value. However, this mechanism is unable to distinguish =20=
error codes from pointers. When AFS returns a code of this type to the =20=
the kernel treats it as a pointer and attempts to dereference it. This =20=
kernel panic, and results in a denial of service attack.
By forging responses from an existing fileserver, or by getting a user =20=
visit a fileserver under their control, an attacker may crash the client
No publicly available exploits are currently known.
All releases of OpenAFS up to (and including) 1.4.8
All releases of OpenAFS 1.5.0 to 1.5.58
Only the Linux cache manager is affected.
The OpenAFS project recommends that administrators with Linux clients
upgrade to OpenAFS version 1.4.9 or newer, or as appropriate for people
testing features in the OpenAFS 1.5 series, OpenAFS version 1.5.59 or =20=
Only Linux clients need to be upgraded.
For those sites unable, or unwilling, to upgrade a patch which =20
issue is available as
in the OpenAFS delta system, or directly from
The corresponding PGP signature is available from
Note that this patch is against 1.4.8, although it may apply to earlier
releases. Patches for 1.5 and HEAD are available from wdelta, or in CVS.
The latest stable OpenAFS release is always available from
This announcement and code patches related to it may be found on the
OpenAFS security advisory page at:
The main OpenAFS web page is at:
This issue was identified by Simon Wilkinson, from an original bug =20
Toby Blake. Derrick Brashear provided the final version of the patch =20
distributed with this advisory.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
OpenAFS-announce mailing list