Back to search
CVE-2009-0872
Published: Mar 11, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
253588
vendor-advisory
x_refsource_SUNALERT
http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm
x_refsource_CONFIRM
52559
vdb-entry
x_refsource_OSVDB
1021833
vdb-entry
x_refsource_SECTRACK
solaris-nfssec-unauthorized-access(49170)
vdb-entry
x_refsource_XF
ADV-2009-0658
vdb-entry
x_refsource_VUPEN
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1
x_refsource_CONFIRM
34063
vdb-entry
x_refsource_BID
34429
third-party-advisory
x_refsource_SECUNIA
34213
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0798
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now