CVE-2009-0872 Information
Description
The NFS server in Sun Solaris 10 and OpenSolaris before snv_111 does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes which allows remote attackers to bypass intended access restrictions and read or modify files as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
Reference
http://osvdb.org/52559 http://secunia.com/advisories/34213 http://secunia.com/advisories/34429 http://securitytracker.com/id?1021833 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1 http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm http://www.securityfocus.com/bid/34063 http://www.vupen.com/english/advisories/2009/0658 http://www.vupen.com/english/advisories/2009/0798 https://exchange.xforce.ibmcloud.com/vulnerabilities/49170
Share on: