cvelistv5 - cve-2009-3516

cve-2009-3516

Vulnerability from cvelistv5

Published

2009-10-01 15:00

Modified

2024-08-07 06:31

Severity ?

Summary

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc	Patch, Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/36545	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2009/2788	Vendor Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/36545	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/2788	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-2788",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2788"
          },
          {
            "name": "IZ50496",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496"
          },
          {
            "name": "IZ50444",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444"
          },
          {
            "name": "IZ50399",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399"
          },
          {
            "name": "IZ49278",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278"
          },
          {
            "name": "oval:org.mitre.oval:def:6318",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318"
          },
          {
            "name": "IZ49096",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096"
          },
          {
            "name": "IZ49024",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024"
          },
          {
            "name": "36545",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36545"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-2788",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2788"
        },
        {
          "name": "IZ50496",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496"
        },
        {
          "name": "IZ50444",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444"
        },
        {
          "name": "IZ50399",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399"
        },
        {
          "name": "IZ49278",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278"
        },
        {
          "name": "oval:org.mitre.oval:def:6318",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318"
        },
        {
          "name": "IZ49096",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096"
        },
        {
          "name": "IZ49024",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024"
        },
        {
          "name": "36545",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36545"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3516",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-2788",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2788"
            },
            {
              "name": "IZ50496",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496"
            },
            {
              "name": "IZ50444",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444"
            },
            {
              "name": "IZ50399",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399"
            },
            {
              "name": "IZ49278",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278"
            },
            {
              "name": "oval:org.mitre.oval:def:6318",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318"
            },
            {
              "name": "IZ49096",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096"
            },
            {
              "name": "IZ49024",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024"
            },
            {
              "name": "36545",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36545"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3516",
    "datePublished": "2009-10-01T15:00:00",
    "dateReserved": "2009-10-01T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3516\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-10-01T15:30:00.313\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"gssd en IBM AIX v5.3.x hasta v5.3.9 y v6.1.0 hasta v6.1.2 no maneja adecuadamente las credenciales de cach\u00e9 NFSv4 Kerberos, lo que permite a atacantes locales eludir las restricciones de acceso para el recurso compartido \\\"Kerberized NFSv4\\\" a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DE57C2-E728-4016-9774-28FB4B0509AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B11497-5622-4759-906A-A93A3E815584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F9CD013-D904-45DF-AD43-493A22D5744B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD518B94-9CD7-4C45-8766-578CF427B4CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF417123-CCB6-48AF-A21B-1974173D516B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"362CFB2F-817A-4E55-A315-86B6243E3F74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53544921-1C1A-4382-99D7-0F3011BA76DB\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36545\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2788\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/36545\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Action not permitted

cve-2009-3516

Vulnerability from cvelistv5

gsd-2009-3516

Vulnerability from gsd

ghsa-7v72-p9gx-28vj

Vulnerability from github

Tags