OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the client cache partition, fileserver vice partition, or certain RPC responses.