Mageia 9 MGASA-2025-0013 critical: OpenAFS crashes and exploits
mageia
January 18, 2025
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client
Summary
A local user can bypass the OpenAFS PAG (Process Authentication Group)
throttling mechanism in Unix client. (CVE-2024-10394)
An authenticated user can provide a malformed ACL to the fileserver's
StoreACL RPC, causing the fileserver to crash. (CVE-2024-10396)
A malicious server can crash the OpenAFS cache manager and other client
utilities, and possibly execute arbitrary code. (CVE-2024-10397)
References
- https://bugs.mageia.org/show_bug.cgi?id=33916
- https://www.cve.org/CVERecord?id=CVE-2024-10394
- https://www.cve.org/CVERecord?id=CVE-2024-10396
- https://www.cve.org/CVERecord?id=CVE-2024-10397
Topics Covered
Resolution
SRPMS
- 9/core/openafs-1.8.13.1-1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 18 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0013.html
Type: security
CVE: CVE-2024-10394,
CVE-2024-10396,
CVE-2024-10397
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!