PT-2009-3464 · Sun · Sun Solaris+1

Published: 2009-03-11 · Updated: 2017-08-17 · CVE-2009-0872

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Sun Solaris version 10
OpenSolaris versions prior to snv_111

Description

The NFS server improperly implements the AUTH_NONE security mode when it is combined with other security modes. This allows remote attackers to bypass access restrictions and read or modify files. An example of this vulnerability is AUTH_NONE used in combination with AUTH_SYS.

Recommendations

For Sun Solaris 10, consider restricting access to the NFS server until a proper fix is applied. For OpenSolaris versions prior to snv_111, update to a version after snv_111 to resolve the issue. As a temporary workaround, consider disabling the use of the AUTH_NONE security mode in combination with other modes until a patch is available.


Weakness Enumeration

Related Identifiers

CVE-2009-0872

Affected Products

OpenSolaris
Sun Solaris