CVE-2009-3517

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-3517
nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 Vendor Advisory
http://www.securityfocus.com/bid/36544 Patch
http://www.vupen.com/english/advisories/2009/2788 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6366
http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 Vendor Advisory
http://www.securityfocus.com/bid/36544 Patch
http://www.vupen.com/english/advisories/2009/2788 Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6366
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
History

21 Nov 2024, 01:07

Type Values Removed Values Added
References () http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc - Patch, Vendor Advisory () http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc - Patch, Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278 - () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278 -
References () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 - Vendor Advisory
References () http://www.securityfocus.com/bid/36544 - Patch () http://www.securityfocus.com/bid/36544 - Patch
References () http://www.vupen.com/english/advisories/2009/2788 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/2788 - Vendor Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6366 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6366 -
Information

Published : 2009-10-01 15:30

Updated : 2024-11-21 01:07

NVD link : CVE-2009-3517

Mitre link : CVE-2009-3517

CVE.ORG link : CVE-2009-3517

JSON object : View

Products Affected

ibm

  • aix
CWE
NVD-CWE-noinfo