CVE-2007-6599

Name: CVE-2007-6599
Creator: NVD / NIST
Published: 2008-01-04T02:46:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.66%

Last modified Jun 16, 2026

CVE-2007-6599 is a vulnerability of currently unknown severity. Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.. EPSS estimates a 1.66% chance of exploitation in the next 30 days.

Description

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.

Metrics

EPSS Probability

1.66%

73.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-362

Affected Software

Vendor	Product	Versions
Openafs	Openafs	>= 1.3.50, <= 1.4.5
Openafs	Openafs	>= 1.5.0, <= 1.5.27
Debian	Debian Linux	3.1
Debian	Debian Linux	4.0

References

http://lists.openafs.org/pipermail/openafs-announce/2007/000220.htmlVendor Advisory
http://secunia.com/advisories/28327Third Party Advisory
http://secunia.com/advisories/28401Third Party Advisory
http://secunia.com/advisories/28433Third Party Advisory
http://secunia.com/advisories/28636Third Party Advisory
http://security.gentoo.org/glsa/glsa-200801-04.xmlThird Party Advisory
http://www.debian.org/security/2008/dsa-1458Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:207Third Party Advisory
http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlThird Party Advisory
http://www.openafs.org/security/OPENAFS-SA-2007-003.txtVendor Advisory
http://www.securityfocus.com/bid/27132Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2008/0046Third Party Advisory
http://lists.openafs.org/pipermail/openafs-announce/2007/000220.htmlVendor Advisory
http://secunia.com/advisories/28327Third Party Advisory
http://secunia.com/advisories/28401Third Party Advisory
http://secunia.com/advisories/28433Third Party Advisory
http://secunia.com/advisories/28636Third Party Advisory
http://security.gentoo.org/glsa/glsa-200801-04.xmlThird Party Advisory
http://www.debian.org/security/2008/dsa-1458Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:207Third Party Advisory
http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlThird Party Advisory
http://www.openafs.org/security/OPENAFS-SA-2007-003.txtVendor Advisory
http://www.securityfocus.com/bid/27132Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2008/0046Third Party Advisory

Timeline

Published: Jan 4, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-6599?

How severe is CVE-2007-6599?

Severity scoring for CVE-2007-6599 is pending analysis. The EPSS model estimates a 1.66% probability of exploitation in the next 30 days.

How do I fix CVE-2007-6599?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-6599?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST