Main Vulnerability Database Vulnerabilities #VU42389

Cryptographic issues in OpenAFS and Debian Linux - CVE-2013-4134

Published: November 5, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42389

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4134

CWE-ID: CWE-310

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OpenAFS.org
Debian

Affected software:
OpenAFS
Debian Linux

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.

How to mitigate CVE-2013-4134

Install update from vendor's website.

Sources

http://www.debian.org/security/2013/dsa-2729
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
http://www.openafs.org/pages/security/OPENAFS-SA-2013-003.txt

Cryptographic issues in OpenAFS and Debian Linux - CVE-2013-4134

Detailed vulnerability description

How to mitigate CVE-2013-4134

Sources

Please verify you're human