CVE-2009-3516 — IBM AIX vulnerability

CWE-2554 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 76.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX

Timeline

PublishedOct 1

Latest updateMay 2

Description

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/aix7 versions+6

Patches

Patch: aix.software.ibm.com ↗Patch: www.securityfocus.com ↗Patch: aix.software.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-7v72-p9gx-28vj: gssd in IBM AIX 5↗2022-05-02

▶

CVEList

CVE-2009-3516: gssd in IBM AIX 5↗2009-10-01

▶

💬Community

Bugzilla

CVE-2009-1416 gnutls: All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2]↗2009-04-30

▶