CVE-2007-6599

Description

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.

How to fix CVE-2007-6599

To remediate CVE-2007-6599, upgrade the affected package to a fixed version below.

• Debian/openafs—upgrade to 1.4.6.dfsg1-1 or later
• Debian/openafs—upgrade to 1.4.2-6etch1 or later

Is CVE-2007-6599 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 1.4.6.dfsg1-1
• from 0, < 1.4.2-6etch1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-6599