Launchpad.net

CVE 2013-4135

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Related bugs and status

CVE-2013-4135 (Candidate) is related to these bugs:

Bug #1204195: OpenAFS Security Advisories 2013-0003 and 2013-0004

		In	Importance	Status
1204195	OpenAFS Security Advisories 2013-0003 and 2013-0004	openafs (Ubuntu)	Critical	Fix Released
1204195	OpenAFS Security Advisories 2013-0003 and 2013-0004	openafs (Ubuntu Precise)	Critical	Fix Released
1204195	OpenAFS Security Advisories 2013-0003 and 2013-0004	openafs (Ubuntu Quantal)	Critical	Fix Released
1204195	OpenAFS Security Advisories 2013-0003 and 2013-0004	openafs (Ubuntu Saucy)	Critical	Fix Released
1204195	OpenAFS Security Advisories 2013-0003 and 2013-0004	openafs (Ubuntu Raring)	Critical	Fix Released
1204195	OpenAFS Security Advisories 2013-0003 and 2013-0004	openafs (Ubuntu Lucid)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4135

Related bugs and status

Related bugs

References