SB2018091108 - Multiple vulnerabilities in OpenAFS



Published: September 11, 2018 Updated: January 1, 2019

Security Bulletin ID: SB2018091108
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2018-16949)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because several data types used as RPC input variables were implemented as unbounded array types, limited to 4 GB only by the inherent 32-bit length field. A remote attacker can send, or claim to send, large input values, trigger resource exhaustion and perform a denial of service (DoS) attack.
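One way to guard a decoder against this class of issue, as an added example that is not OpenAFS code and not part of the bulletin: an XDR-style counted array is checked against a per-type bound and against the bytes actually received before any allocation. The names `decode_u32_array`, `MAX_ELEMS` and the `DEC_*` codes are hypothetical, and the bound of 1024 is an assumed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_ELEMS 1024u  /* hypothetical per-type bound, not an OpenAFS value */
enum { DEC_OK = 0, DEC_SHORT = -1, DEC_TOO_BIG = -2, DEC_NOMEM = -3 };

/* XDR encodes integers as 4 big-endian bytes. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode [4-byte count][count 4-byte elements]. The count is untrusted, so it
 * is checked against a fixed bound and against the bytes actually received
 * before anything is allocated. Caller frees *out. */
int decode_u32_array(const unsigned char *buf, size_t len,
                     uint32_t **out, uint32_t *out_count)
{
    uint32_t count, i, *arr;

    *out = NULL;
    *out_count = 0;
    if (len < 4)
        return DEC_SHORT;
    count = be32(buf);
    if (count > MAX_ELEMS)
        return DEC_TOO_BIG;       /* claimed length exceeds the type's bound */
    if ((len - 4) / 4 < count)
        return DEC_SHORT;         /* sender claims more than it sent */
    arr = calloc(count ? count : 1, sizeof(*arr));
    if (arr == NULL)
        return DEC_NOMEM;
    for (i = 0; i < count; i++)
        arr[i] = be32(buf + 4 + 4 * (size_t)i);
    *out = arr;
    *out_count = count;
    return DEC_OK;
}

int main(void)
{
    /* Constructed message: claims 0xFFFFFFFF elements, carries none. */
    const unsigned char claim[4] = { 0xFF, 0xFF, 0xFF, 0xFF };
    uint32_t *v, n;
    printf("oversized claim -> %d\n", decode_u32_array(claim, sizeof claim, &v, &n));
    return 0;
}
```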


2) Memory leak (CVE-ID: CVE-2018-16948)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists because several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. A remote attacker can trigger the RXAFSCB_TellMeAboutYourself kernel memory leak and the KAM_ListEntry kaserver memory leak and access important data.


3) Security restrictions bypass (CVE-ID: CVE-2018-16947)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists because the backup tape controller (butc) process accepts incoming RPCs but does not require (or allow for) authentication of those RPCs. A remote attacker can cause those RPCs to be handled with administrator credentials, including dumping/restoring volume contents and manipulating the backup database to replace any volume's content with arbitrary data.


Remediation

Install the update from the vendor's website.