CVE-2009-3516
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aix | 5.3.0 | cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:* |
| ibm | aix | 5.3.7 | cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:* |
| ibm | aix | 5.3.8 | cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:* |
| ibm | aix | 6.1 | cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:* |
| ibm | aix | 6.1.0 | cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:* |
| ibm | aix | 6.1.1 | cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:* |
| ibm | aix | 6.1.2 | cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:* |
References
aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc
www-01.ibm.com/support/docview.wss?uid=isg1IZ49024
www-01.ibm.com/support/docview.wss?uid=isg1IZ49096
www-01.ibm.com/support/docview.wss?uid=isg1IZ49278
www-01.ibm.com/support/docview.wss?uid=isg1IZ50399
www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
www-01.ibm.com/support/docview.wss?uid=isg1IZ50496
www.securityfocus.com/bid/36545
www.vupen.com/english/advisories/2009/2788
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%