Improper Padding Initialization in OpenAFS Rx Acknowledgement Packet Vulnerability

Improper Padding Initialization in OpenAFS Rx Acknowledgement Packet Vulnerability

CVE-2015-7763 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Learn more about our Network Penetration Testing.