CVE-2016-9772
openafs - security update
5.3 MEDIUM (CVSS 3.1), EPSS 0.26%
Description
OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses.
How to fix CVE-2016-9772
To remediate CVE-2016-9772, upgrade the affected package to one of the fixed versions listed below.
- Debian/openafs—upgrade to 1.6.20-1 or later
- —upgrade to 1.6.1-3+deb7u7 or later
Is CVE-2016-9772 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.6.20-1
- from 0, < 1.6.1-3+deb7u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |