ID CVE-2013-4135
Summary The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Vulnerable Configurations
  • OpenAFS 1.6.0
    cpe:2.3:a:openafs:openafs:1.6.0
  • OpenAFS 1.6.1
    cpe:2.3:a:openafs:openafs:1.6.1
  • OpenAFS 1.6.2
    cpe:2.3:a:openafs:openafs:1.6.2
  • OpenAFS 1.6.2.1
    cpe:2.3:a:openafs:openafs:1.6.2.1
  • OpenAFS 1.6.3
    cpe:2.3:a:openafs:openafs:1.6.3
  • OpenAFS 1.6.4
    cpe:2.3:a:openafs:openafs:1.6.4
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 4.3 (as of 23-08-2016 - 14:39)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity NONE
Availability NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-244.NASL
    description Multiple vulnerabilities have been found and corrected in openafs : Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry (CVE-2013-1794). Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow (CVE-2013-1795). OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key (CVE-2013-4134). The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network (CVE-2013-4135). Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument (CVE-2014-0159). A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior (CVE-2014-3660). The updated packages have been upgraded to the 1.4.15 version and patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79989
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79989
    title Mandriva Linux Security Advisory : openafs (MDVSA-2014:244)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130724_OPENAFS_ON_SL5_X.NASL
    description OpenAFS uses Kerberos tickets to secure network traffic. For historical reasons, it has only supported the DES encryption algorithm to encrypt these tickets. The weakness of DES's 56 bit key space has long been known, however it has recently become possible to use that weakness to cheaply (around $100) and rapidly (approximately 23 hours) compromise a service's long term key. An attacker must first obtain a ticket for the cell. They may then use a brute-force attack to compromise the cell's private service key. Once an attacker has gained access to the service key, they can use this to impersonate any user within the cell, including the super user, giving them access to all administrative capabilities as well as all user data. Recovering the service key from a DES encrypted ticket is an issue for any Kerberos service still using DES (and especially so for realms which still have DES keys on their ticket granting ticket). (CVE-2013-4134) The -encrypt option to the 'vos' volume management command should cause it to encrypt all data between client and server. However, in versions of OpenAFS later than 1.6.0, it has no effect, and data is transmitted with integrity protection only. In all versions of OpenAFS, vos -encrypt has no effect when combined with the -localauth option. (CVE-2013-4135)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 69068
    published 2013-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69068
    title Scientific Linux Security Update : openafs on SL5.x, SL6.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201404-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201404-05 (OpenAFS: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenAFS. Please review the CVE identifiers referenced below for details. Impact : An attacker could potentially execute arbitrary code with the permissions of the user running the AFS server, cause a Denial of Service condition, or gain access to sensitive information. Additionally, an attacker could compromise a cell’s private key, allowing them to impersonate any user in the cell. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 73394
    published 2014-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73394
    title GLSA-201404-05 : OpenAFS: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2729.NASL
    description OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003. In addition the 'encrypt' option to the 'vos' tool was fixed.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69107
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69107
    title Debian DSA-2729-1 : openafs - several vulnerabilities
refmap via4
confirm http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt
debian DSA-2729
mandriva MDVSA-2014:244
Last major update 24-08-2016 - 11:31
Published 05-11-2013 - 16:55