CVE-2009-3516

EPSS 0.08%
Published 01.10.2009 15:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Aix Version5.3.0

Ibm ≫ Aix Version5.3.7

Ibm ≫ Aix Version5.3.8

Ibm ≫ Aix Version6.1

Ibm ≫ Aix Version6.1.0

Ibm ≫ Aix Version6.1.1

Ibm ≫ Aix Version6.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.208

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc

Patch

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444

http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496

Vendor Advisory

http://www.securityfocus.com/bid/36545

Patch

http://www.vupen.com/english/advisories/2009/2788

Vendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318

https://nvd.nist.gov/vuln/detail/CVE-2009-3516

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3516

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3516

EUVD