CVE-2015-3285 Information

Description

The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.

Reference

http://www.debian.org/security/2015/dsa-3320 http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt http://www.securitytracker.com/id/1033262 https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13