CVE-2009-0873: Opensolaris vulnerability

CWE-264 | 3 documents | 3 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 1.1% (top 22.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 11
Latest update: May 2

Description

The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

NVD: sun/opensolaris (90 versions)
NVD: sun/solaris 10.0
NVD: sun/sunos 5.10

Patches

Vulnerability Details (2)

GHSA: GHSA-gq6x-qcc2-xccg: The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security m (2022-05-02)
CVEList: CVE-2009-0873: The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security m (2009-03-11)
CVE-2009-0873 — SUN Opensolaris vulnerability | cvebase