CVE-2009-0872 - OpenCVE

The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Opensolaris Solaris

Configuration 1 [-]

OR	cpe:2.3:o:sun:opensolaris:::x86:::::*
	cpe:2.3:o:sun:opensolaris:snv_01::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_02::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_03::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_04::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_05::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_06::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_07::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_08::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_09::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_10::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_11::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_12::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_13::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_14::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_15::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_16::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_17::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_18::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_19::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_20::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_21::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_22::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_23::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_24::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_25::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_26::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_27::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_28::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_29::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_30::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_31::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_32::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_33::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_34::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_35::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_36::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_37::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_38::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_39::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_40::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_41::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_42::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_43::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_44::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_45::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_46::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_47::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_48::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_49::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_50::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_51::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_52::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_53::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_54::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_55::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_56::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_57::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_58::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_59::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_60::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_61::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_62::x86:::::
	cpe:2.3:o:sun:opensolaris:snv_63::x86:::::
cpe:2.3:o:sun:opensolaris:snv_64::x86:::::
cpe:2.3:o:sun:opensolaris:snv_65::x86:::::
cpe:2.3:o:sun:opensolaris:snv_66::x86:::::
cpe:2.3:o:sun:opensolaris:snv_67::x86:::::
cpe:2.3:o:sun:opensolaris:snv_68::x86:::::
cpe:2.3:o:sun:opensolaris:snv_69::x86:::::
cpe:2.3:o:sun:opensolaris:snv_70::x86:::::
cpe:2.3:o:sun:opensolaris:snv_71::x86:::::
cpe:2.3:o:sun:opensolaris:snv_72::x86:::::
cpe:2.3:o:sun:opensolaris:snv_73::x86:::::
cpe:2.3:o:sun:opensolaris:snv_74::x86:::::
cpe:2.3:o:sun:opensolaris:snv_75::x86:::::
cpe:2.3:o:sun:opensolaris:snv_76::x86:::::
cpe:2.3:o:sun:opensolaris:snv_77::x86:::::
cpe:2.3:o:sun:opensolaris:snv_78::x86:::::
cpe:2.3:o:sun:opensolaris:snv_79::x86:::::
cpe:2.3:o:sun:opensolaris:snv_80::x86:::::
cpe:2.3:o:sun:opensolaris:snv_81::x86:::::
cpe:2.3:o:sun:opensolaris:snv_82::x86:::::
cpe:2.3:o:sun:opensolaris:snv_83::x86:::::
cpe:2.3:o:sun:opensolaris:snv_84::x86:::::
cpe:2.3:o:sun:opensolaris:snv_85::x86:::::
cpe:2.3:o:sun:opensolaris:snv_86::x86:::::
cpe:2.3:o:sun:opensolaris:snv_87::x86:::::
cpe:2.3:o:sun:opensolaris:snv_88::x86:::::
cpe:2.3:o:sun:opensolaris:snv_89::x86:::::
cpe:2.3:o:sun:opensolaris:snv_90::x86:::::
cpe:2.3:o:sun:opensolaris:snv_91::x86:::::
cpe:2.3:o:sun:opensolaris:snv_92::x86:::::
cpe:2.3:o:sun:opensolaris:snv_93::x86:::::
cpe:2.3:o:sun:opensolaris:snv_94::x86:::::
cpe:2.3:o:sun:opensolaris:snv_95::x86:::::
cpe:2.3:o:sun:opensolaris:snv_96::x86:::::
cpe:2.3:o:sun:opensolaris:snv_97::x86:::::
cpe:2.3:o:sun:opensolaris:snv_98::x86:::::
cpe:2.3:o:sun:opensolaris:snv_99::x86:::::
cpe:2.3:o:sun:opensolaris:snv_100::x86:::::
cpe:2.3:o:sun:opensolaris:snv_101::x86:::::
cpe:2.3:o:sun:opensolaris:snv_102::x86:::::
cpe:2.3:o:sun:opensolaris:snv_103::x86:::::
cpe:2.3:o:sun:opensolaris:snv_104::x86:::::
cpe:2.3:o:sun:opensolaris:snv_105::x86:::::
cpe:2.3:o:sun:opensolaris:snv_106::x86:::::
cpe:2.3:o:sun:opensolaris:snv_107::x86:::::
cpe:2.3:o:sun:opensolaris:snv_108::x86:::::
cpe:2.3:o:sun:opensolaris:snv_109::x86:::::
cpe:2.3:o:sun:solaris:10::x86:::::

Configuration 2 [-]

OR	cpe:2.3:o:sun:opensolaris:::sparc:::::*
	cpe:2.3:o:sun:opensolaris:snv_01::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_02::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_03::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_04::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_05::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_06::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_07::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_08::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_09::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_10::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_11::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_12::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_13::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_14::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_15::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_16::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_17::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_18::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_19::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_20::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_21::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_22::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_23::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_24::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_25::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_26::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_27::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_28::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_29::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_30::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_31::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_32::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_33::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_34::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_35::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_36::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_37::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_38::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_39::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_40::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_41::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_42::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_43::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_44::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_45::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_46::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_47::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_48::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_49::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_50::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_51::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_52::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_53::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_54::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_55::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_56::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_57::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_58::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_59::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_60::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_61::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_62::sparc:::::
	cpe:2.3:o:sun:opensolaris:snv_63::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_64::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_65::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_66::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_67::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_68::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_69::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_70::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_71::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_72::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_73::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_74::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_75::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_76::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_77::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_78::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_79::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_80::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_81::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_82::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_83::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_84::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_85::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_86::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_87::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_88::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_89::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_90::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_91::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_92::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_93::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_94::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_95::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_96::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_97::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_98::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_99::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_100::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_101::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_102::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_103::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_104::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_105::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_106::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_107::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_108::sparc:::::
cpe:2.3:o:sun:opensolaris:snv_109::sparc:::::

No data.

References

Link	Providers
http://osvdb.org/52559
http://secunia.com/advisories/34213
http://secunia.com/advisories/34429
http://securitytracker.com/id?1021833
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253588-1
http://support.avaya.com/elmodocs2/security/ASA-2009-093.htm
http://www.securityfocus.com/bid/34063
http://www.vupen.com/english/advisories/2009/0658
http://www.vupen.com/english/advisories/2009/0798
https://exchange.xforce.ibmcloud.com/vulnerabilities/49170

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-11T14:00:00

Updated: 2024-08-07T04:48:52.592Z

Reserved: 2009-03-11T00:00:00

Link: CVE-2009-0872

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-03-11T14:19:15.437

Modified: 2017-08-17T01:30:04.053

Link: CVE-2009-0872

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object