Lucene search

PRIOn knowledge basePRION:CVE-2009-3516

HistoryOct 01, 2009 - 3:30 p.m.

Design/Logic Flaw

2009-10-0115:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

CPENameOperatorVersion
aixeq5.3.8
aixeq5.3.7
aixeq6.1.0
aixeq6.1.1
aixeq6.1
aixeq6.1.2
aixeq5.3.0

Name	Operator	Version
aix	eq	5.3.8
aix	eq	5.3.7
aix	eq	6.1.0
aix	eq	6.1.1
aix	eq	6.1
aix	eq	6.1.2
aix	eq	5.3.0

References

aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc

www-01.ibm.com/support/docview.wss?uid=isg1IZ49024

www-01.ibm.com/support/docview.wss?uid=isg1IZ49096

www-01.ibm.com/support/docview.wss?uid=isg1IZ49278

www-01.ibm.com/support/docview.wss?uid=isg1IZ50399

www-01.ibm.com/support/docview.wss?uid=isg1IZ50444

www-01.ibm.com/support/docview.wss?uid=isg1IZ50496

www.securityfocus.com/bid/36545

www.vupen.com/english/advisories/2009/2788

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318