ID CVE-2009-3516
Summary gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 19-09-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2009-11-30T04:00:32.911-05:00
class vulnerability
contributors
name Pai Peng
organization Hewlett-Packard
definition_extensions
  • comment IBM AIX 5300-07 is installed
    oval oval:org.mitre.oval:def:5707
  • comment IBM AIX 5300-08 is installed
    oval oval:org.mitre.oval:def:5293
  • comment IBM AIX 5300-09 is installed
    oval oval:org.mitre.oval:def:6306
  • comment IBM AIX 6100-00 is installed
    oval oval:org.mitre.oval:def:5589
  • comment IBM AIX 6100-01 is installed
    oval oval:org.mitre.oval:def:5959
  • comment IBM AIX 6100-02 is installed
    oval oval:org.mitre.oval:def:5685
description gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
family unix
id oval:org.mitre.oval:def:6318
status accepted
submitted 2009-10-09T14:55:01.000-04:00
title AIX NFSv4 Kerberos vulnerability
version 42
refmap via4
aixapar
  • IZ49024
  • IZ49096
  • IZ49278
  • IZ50399
  • IZ50444
  • IZ50496
bid 36545
confirm http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc
vupen ADV-2009-2788
Last major update 19-09-2017 - 01:29
Published 01-10-2009 - 15:30
Last modified 19-09-2017 - 01:29