First published: Thu Jun 11 2009(Updated: )
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Solaris | =snv_101 | |
Solaris | =snv_90 | |
Solaris | =snv_93 | |
Solaris | =snv_110 | |
Solaris | =snv_85 | |
Solaris | =snv_87 | |
Solaris | =snv_87 | |
Solaris | =snv_91 | |
Solaris | =snv_92 | |
Solaris | =snv_85 | |
Solaris | =snv_104 | |
Solaris | =snv_103 | |
Solaris | =snv_105 | |
Solaris | =snv_88 | |
Solaris | =snv_93 | |
Solaris | =snv_103 | |
Solaris | =snv_84 | |
Solaris | =snv_106 | |
Solaris | =snv_106 | |
Solaris | =snv_86 | |
Solaris | =snv_100 | |
Solaris | =snv_107 | |
Solaris | =snv_89 | |
Solaris | =snv_90 | |
Solaris | =snv_96 | |
Solaris | =snv_99 | |
Solaris | =snv_107 | |
Solaris | =snv_97 | |
Solaris | =snv_100 | |
Solaris | =snv_96 | |
Solaris | =snv_94 | |
Solaris | =snv_86 | |
Solaris | =snv_98 | |
Solaris | =snv_98 | |
Solaris | =snv_109 | |
Solaris | =snv_95 | |
Solaris | =snv_108 | |
Solaris | =snv_102 | |
Solaris | =snv_105 | |
Solaris | =snv_108 | |
Solaris | =snv_95 | |
Solaris | =snv_88 | |
Solaris | =snv_84 | |
Solaris | =snv_92 | |
Solaris | =snv_104 | |
Solaris | =snv_94 | |
Solaris | =snv_101 | |
Solaris | =snv_97 | |
Solaris | =snv_99 | |
Solaris | =snv_109 | |
Solaris | =snv_102 | |
Solaris | =snv_110 | |
Solaris | =snv_91 | |
Solaris | =snv_89 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-2031 is considered a moderate severity vulnerability due to the potential for unauthorized access to files and directories on CIFS volumes.
To fix CVE-2009-2031, configure the mount permissions for smbfs to restrict access to authorized users only.
CVE-2009-2031 affects local users of the Sun OpenSolaris versions from snv_84 to snv_110.
CVE-2009-2031 is a local security vulnerability that allows unauthorized file and directory access.
As of now, specific exploits for CVE-2009-2031 have not been publicly disclosed, but the vulnerability poses a risk through improper access permissions.