7.2
CVE-2009-3516
- EPSS 0.38%
- Veröffentlicht 01.10.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.291 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496
http://www.securityfocus.com/bid/36545
http://www.vupen.com/english/advisories/2009/2788
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318