Bug 1124102 (CVE-2015-6587) - VUL-0: CVE-2015-6587: openafs: vlserver allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
Status: RESOLVED UPSTREAM
Alias: CVE-2015-6587
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Version: Leap 42.3
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Christof Hanke
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/224140/
Reported: 2019-02-04 06:29 UTC by Marcus Meissner
Modified: 2019-02-04 09:22 UTC

Found By: Security Response Team


Description Marcus Meissner 2019-02-04 06:29:46 UTC
CVE-2015-6587

The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause
a denial of service (out-of-bounds read and crash) via a crafted regular
expression in a VL_ListAttributesN2 RPC.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6587
Comment 1 Christof Hanke 2019-02-04 09:12:27 UTC
Hi,

I don't understand this bug. Is it somehow still valid?
It was reported more than 3 years ago.
We have the versions 1.6.23 and 1.8.2, which are way beyond the required
minimum version of 1.6.13.

Many thanks,

Christof
Comment 2 Marcus Meissner 2019-02-04 09:22:22 UTC
It's weird it was opened this time.