Content of cache can be manipulated in OpenAFS
Attackers can manipulate the status of files in the cache of the free implementation OpenAFS for the distributed network file system AFS because communication via its cache manager takes place across unprotected connections. All attackers have to do is spoof a cache manager's "FetchStatus" reply. Attackers can reportedly manipulate the cache to escalate their rights on a system. All versions of OpenAFS 1.0.x, 1.1.x, 1.2.x, 1.3.x, 1.4.x up to and including 1.4.3 as well as 1.5.x up to and including 1.5.16. are affected. Upgrading to version 1.4.4 or 1.5.17 remedies the flaw.
- setuid (privilege escalation) in OpenAFS Unix based clients, OpenAFS's security advisory
(ehe)