Lucene search

MitreCVE-2009-3517

HistoryOct 01, 2009 - 3:30 p.m.

CVE-2009-3517

2009-10-0115:30:00

mitre

web.nvd.nist.gov

ibm aix

nfs.ext

vulnerability

bypass

nfsv4

access restrictions

cve-2009-3517

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.016

Percentile

87.4%

JSON

nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

Affected configurations

Nvd

Node

ibmaixMatch5.3.0

ibmaixMatch5.3.7

ibmaixMatch5.3.8

ibmaixMatch6.1

ibmaixMatch6.1.0

ibmaixMatch6.1.1

ibmaixMatch6.1.2

VendorProductVersionCPE
ibmaix5.3.0cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
ibmaix5.3.7cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
ibmaix5.3.8cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
ibmaix6.1cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
ibmaix6.1.0cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
ibmaix6.1.1cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
ibmaix6.1.2cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aix	5.3.0	cpe:2.3:o:ibm:aix:5.3.0:::::::*
ibm	aix	5.3.7	cpe:2.3:o:ibm:aix:5.3.7:::::::*
ibm	aix	5.3.8	cpe:2.3:o:ibm:aix:5.3.8:::::::*
ibm	aix	6.1	cpe:2.3:o:ibm:aix:6.1:::::::*
ibm	aix	6.1.0	cpe:2.3:o:ibm:aix:6.1.0:::::::*
ibm	aix	6.1.1	cpe:2.3:o:ibm:aix:6.1.1:::::::*
ibm	aix	6.1.2	cpe:2.3:o:ibm:aix:6.1.2:::::::*

References

aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc

www-01.ibm.com/support/docview.wss?uid=isg1IZ49024

www-01.ibm.com/support/docview.wss?uid=isg1IZ49096

www-01.ibm.com/support/docview.wss?uid=isg1IZ49278

www-01.ibm.com/support/docview.wss?uid=isg1IZ50399

www-01.ibm.com/support/docview.wss?uid=isg1IZ50444

www-01.ibm.com/support/docview.wss?uid=isg1IZ50496

www.securityfocus.com/bid/36544

www.vupen.com/english/advisories/2009/2788

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6366

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.016

Percentile

87.4%

JSON

Related for CVE-2009-3517