CVE-2013-4135

Published: Nov 5, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected (7)

Products: Openafs: Openafs · Debian: Debian Linux

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Openafs Openafs	Version 1.6.0
Openafs Openafs	Version 1.6.1
Openafs Openafs	Version 1.6.2.1
Openafs Openafs	Version 1.6.2
Openafs Openafs	Version 1.6.3
Openafs Openafs	Version 1.6.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Related CWEs

References (6)

http://www.debian.org/security/2013/dsa-2729

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2014:244

Source: secalert@redhat.com

Broken Link

http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2013/dsa-2729

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2014:244

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.openafs.org/pages/security/OPENAFS-SA-2013-004.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.