CVE-2009-3516
First published: Thu Oct 01 2009(Updated: )
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =5.3.8 | |
| IBM AIX | =5.3.7 | |
| IBM AIX | =6.1.0 | |
| IBM AIX | =6.1.1 | |
| IBM AIX | =6.1 | |
| IBM AIX | =6.1.2 | |
| IBM AIX | =5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024
- http://www.vupen.com/english/advisories/2009/2788
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496
- http://www.securityfocus.com/bid/36545
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
- http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/5.3.8
- version/ibm aix/5.3.7
- version/ibm aix/6.1.0
- version/ibm aix/6.1.1
- version/ibm aix/6.1
- version/ibm aix/6.1.2
- version/ibm aix/5.3.0