CVE-2009-3516

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-3516
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 Vendor Advisory
http://www.securityfocus.com/bid/36545 Patch
http://www.vupen.com/english/advisories/2009/2788 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318
http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 Vendor Advisory
http://www.securityfocus.com/bid/36545 Patch
http://www.vupen.com/english/advisories/2009/2788 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
History

No history.

Information

Published : 2009-10-01 15:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-3516

Mitre link : CVE-2009-3516

CVE.ORG link : CVE-2009-3516

JSON object : View

Products Affected

ibm

  • aix
CWE
CWE-255

Credentials Management Errors