The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-11T14:00:00

Updated: 2024-08-07T04:48:52.592Z

Reserved: 2009-03-11T00:00:00

Link: CVE-2009-0872

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-03-11T14:19:15.437

Modified: 2024-11-21T01:01:06.953

Link: CVE-2009-0872

cve-icon Redhat

No data.