← volver
CVE-2016-2860

CVE-2016-2860

EPSS 1.5%
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0https://lists.openafs.org/pipermail/openafs-announce/2016/000496.htmlhttps://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17http://www.debian.org/security/2016/dsa-3569http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt