Vulnerability Description
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 5.3.0 |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.ascPatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496Vendor Advisory
- http://www.securityfocus.com/bid/36545Patch
- http://www.vupen.com/english/advisories/2009/2788Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.ascPatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399Vendor Advisory
FAQ
What is CVE-2009-3516?
CVE-2009-3516 is a vulnerability with a CVSS score of 7.2 (HIGH). gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized...
How severe is CVE-2009-3516?
CVE-2009-3516 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3516?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.