CVE-2009-0872Opensolaris vulnerability

CWE-2643 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.8%
top 26.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SUN OpensolarisSUN Solaris
Timeline
PublishedMar 11
Latest updateMay 2

Description

The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDsun/opensolarissnv_110+109
NVDsun/solaris10

Patches

Patch: sunsolve.sun.comPatch: sunsolve.sun.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-3cqq-q3c4-9jg6: The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combinatio2022-05-02
CVEList
CVE-2009-0872: The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combinatio2009-03-11
CVE-2009-0872 — SUN Opensolaris vulnerability | cvebase