⚡ A working PoC showed an attacker could:
1. Critical Vulnerability: Uninitialized Memory (OPENAFS-SA-2014-002) afs3-fileserver exploit
OpenAFS, the open-source continuation of AFS, released a patch in December 2018. The commit message was brutally short: "fileserver: validate fragment lengths in rx packet".
The OpenAFS codebase (specifically src/afs/afs_uuid.c and related server handling logic) assumes that incoming UUID structures conform to the standard 20-byte layout. However, certain XDR (External Data Representation) decoding routines do not enforce maximum lengths.
It was not fine.