OpenAFS 1.3.81-3sarge2 changes the default behavior to disable setuid
files globally, including the local cell. It is important to note that
this change will not take effect until the AFS kernel module, built from
the openafs-modules-source package, is rebuilt and loaded into your
kernel. As a temporary workaround until the kernel module can be
reloaded, setuid support can be manually disabled for the local cell by
running the following command as root:

    fs setcell -cell

Following the application of this update, if you are certain there is
no security risk of an attacker forging AFS fileserver responses, you
can re-enable setuid status selectively with the following command.
However, this should not be done on sites that are visible to the
Internet:

    fs setcell -cell

For the stable distribution (sarge), this problem has been fixed in
version 1.3.81-3sarge2. For the unstable distribution (sid) and the
upcoming stable distribution (etch), this problem wi...