QwikSec

Security Database

CVE

CWE

Training

CVE-2016-2860

Published: May 13, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17

x_refsource_CONFIRM

http://git.openafs.org/?p=openafs.git%3Ba=commitdiff%3Bh=396240cf070a806b91fea81131d034e1399af1e0

x_refsource_CONFIRM

[OpenAFS-announce] 20160316 OpenAFS security release 1.6.17 available

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.