PT-2009-3465 · Sun · Sun Solaris+1

Published

2009-03-11

Updated

2018-10-30

CVE-2009-0873

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Sun Solaris versions prior to snv 106 OpenSolaris versions prior to snv 106

Description The issue concerns the NFS daemon, which does not properly implement combinations of security modes when NFSv3 is used. This allows remote attackers to bypass intended access restrictions and read or modify files. The problem is related to security modes that override each other, such as a combination of the sec=sys and sec=krb5 security modes.

Recommendations For Sun Solaris versions prior to snv 106, update to a version after snv 106 to resolve the issue. For OpenSolaris versions prior to snv 106, update to a version after snv 106 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-0873

Affected Products

Opensolaris

Sun Solaris

PT-2009-3465 · Sun · Sun Solaris+1

CVE-2009-0873

Weakness Enumeration

Related Identifiers

Affected Products

References · 12