OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13
https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html
http://www.securitytracker.com/id/1033262
http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt