CVE-2015-7763 Information

Description

rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network.

Reference

http://www.debian.org/security/2015/dsa-3387
http://www.securitytracker.com/id/1034039
https://lists.openafs.org/pipermail/openafs-announce/2015/000493.html
https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15
https://www.openafs.org/pages/security/OPENAFS-SA-2015-007.txt
