In association with heise online

23 March 2007, 09:54

Content of cache can be manipulated in OpenAFS


Attackers can manipulate the status of cached files in OpenAFS, the free implementation of the distributed network file system AFS, because communication via its cache manager takes place across unprotected connections. All attackers have to do is spoof a cache manager's "FetchStatus" reply. Attackers can reportedly manipulate the cache to escalate their privileges on a system. All versions of OpenAFS 1.0.x, 1.1.x, 1.2.x, 1.3.x and 1.4.x up to and including 1.4.3, as well as 1.5.x up to and including 1.5.16, are affected. Upgrading to version 1.4.4 or 1.5.17 remedies the flaw.
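To check an inventory against the version ranges above, a triage sketch follows; it is an added example, not code from the article or the OpenAFS project. The host names, version strings and status labels are constructed assumptions.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) series.
FIXED = {(1, 4): (1, 4, 4), (1, 5): (1, 5, 17)}
# Series the article lists as affected in every release.
ALL_AFFECTED = {(1, 0), (1, 1), (1, 2), (1, 3)}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
PRERELEASE_RE = re.compile(r"rc|pre|beta", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    series = (int(m[1]), int(m[2]))
    if series in ALL_AFFECTED:
        return "affected"
    if series not in FIXED:
        return "not-listed"  # series the article does not mention
    if m[3] is None:
        return "unknown"  # e.g. "1.4": cannot place it relative to the fix
    release = series + (int(m[3]),)
    if release < FIXED[series]:
        return "affected"
    # A pre-release of the fixed version may predate the fix: check by hand.
    if release == FIXED[series] and PRERELEASE_RE.search(m[4]):
        return "unknown"
    return "fixed"


def triage(inventory):
    """Map each host to its status; inventory is a list of (host, version)."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hypothetical hosts and package versions).
# Caveat: a distribution package may carry a backported fix under an old
# upstream version number, so 'affected' here means 'verify the package'.
SAMPLE = [
    ("afs-client-01", "1.4.2-6"),
    ("afs-client-02", "1.4.4"),
    ("afs-client-03", "1.5.16"),
    ("afs-client-04", "1.5.17"),
    ("afs-client-05", "1.3.82"),
    ("afs-client-06", "1.4.4rc2"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```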
