CVE-2015-7762
openafs - security update
EPSS 0.47%
Description
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.
How to fix CVE-2015-7762
To remediate CVE-2015-7762, upgrade the affected package to a fixed version below.
- Debian/openafs—upgrade to 1.6.15-1 or later
- Debian/openafs—upgrade to 1.6.1-3+deb7u5 or later
Is CVE-2015-7762 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.6.15-1
- from 0, < 1.6.1-3+deb7u5