CVE-2009-2296 — Opensolaris vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

3.1%

top 13.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Opensolaris SUN Solaris

Timeline

PublishedJul 2

Latest updateMay 2

Description

The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsun/opensolarissnv_95+117

▶NVDsun/solaris10

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-4qw2-xvcc-px75: The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows re↗2022-05-02

▶

CVEList

CVE-2009-2296: The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows re↗2009-07-02

▶