CVE: CVE-2007-6599

Export to Word

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

S10 – Denial of Service

EPSS

Score: 0.01346
Percentile: 0.79186

CVSS Scoring

CVSS v2 Score: 4.3

Severity:

Mapped CWE(s)

CWE-362 : Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

All CAPEC(s)

CAPEC-26: Leveraging Race Conditions
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*
cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

← Back to Home