CVE-2015-7763

描述

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

受影響套件(1)

• Debian/openafsfrom 0, < 1.6.15-1

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-7763