An unauthenticated attacker can send a specially crafted volume-related RPC request. Because the server fails to properly validate the length of certain input parameters before copying them into a fixed-size buffer, it triggers a stack-based buffer overflow.
The refers to a class of security vulnerabilities affecting systems running the Andrew File System (AFS), specifically its version 3 (AFS-3) implementation. Traditionally found on port 7000/UDP, these vulnerabilities allow attackers to compromise file server availability or gain unauthorized access to distributed file systems. Understanding the AFS-3 Protocol Architecture afs3-fileserver exploit
Summary