Vulnerability Description
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openafs | Openafs | 1.5.75 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2015/dsa-3387
- http://www.securitytracker.com/id/1034039
- https://lists.openafs.org/pipermail/openafs-announce/2015/000493.htmlVendor Advisory
- https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15Vendor Advisory
- https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txtVendor Advisory
- http://www.debian.org/security/2015/dsa-3387
- http://www.securitytracker.com/id/1034039
- https://lists.openafs.org/pipermail/openafs-announce/2015/000493.htmlVendor Advisory
- https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15Vendor Advisory
- https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txtVendor Advisory
FAQ
What is CVE-2015-7763?
CVE-2015-7763 is a vulnerability with a CVSS score of 5.0 (MEDIUM). rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attack...
How severe is CVE-2015-7763?
CVE-2015-7763 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7763?
Check the references section above for vendor advisories and patch information. Affected products include: Openafs Openafs.