Main Vulnerability Database SB2015090206

SB2015090206 - Buffer overflow in Debian Linux

Published: September 2, 2015 Updated: August 9, 2020

Security Bulletin ID SB2015090206

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2015-6587)

The vulnerability allows a remote #AU# to perform service disruption.

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Remediation

Install update from vendor's website.

References

http://www.debian.org/security/2015/dsa-3320
http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html
https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13