CVE-2009-0873

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-0873
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://osvdb.org/52560
http://secunia.com/advisories/34225 Vendor Advisory
http://secunia.com/advisories/34435
http://securitytracker.com/id?1021832 Exploit
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1 Patch Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm
http://www.securityfocus.com/bid/34062 Exploit
http://www.vupen.com/english/advisories/2009/0657 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0814
https://exchange.xforce.ibmcloud.com/vulnerabilities/49171
http://osvdb.org/52560
http://secunia.com/advisories/34225 Vendor Advisory
http://secunia.com/advisories/34435
http://securitytracker.com/id?1021832 Exploit
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1 Patch Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm
http://www.securityfocus.com/bid/34062 Exploit
http://www.vupen.com/english/advisories/2009/0657 Vendor Advisory
http://www.vupen.com/english/advisories/2009/0814
https://exchange.xforce.ibmcloud.com/vulnerabilities/49171
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:sun:opensolaris:snv_01:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_02:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_03:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_04:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_05:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_06:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_07:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_08:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_09:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_10:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_20:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_21:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_22:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_23:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_24:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_25:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_26:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_27:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_28:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_29:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_30:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_31:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_32:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_33:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_34:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_35:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_36:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_37:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_38:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_39:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_40:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_41:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_42:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_43:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_44:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_45:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_46:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_47:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_48:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_49:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_50:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_51:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_52:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_53:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_54:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_55:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_56:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_57:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_58:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_59:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_60:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_61:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_62:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_63:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_64:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_65:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_66:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_67:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_68:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_69:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_70:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_71:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_72:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_73:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_74:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_75:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_76:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_77:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_78:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_79:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_80:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_81:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_82:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_83:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_84:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_85:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_86:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_87:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_88:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_89:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_90:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_91:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_92:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_93:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_94:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_95:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_96:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_97:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_98:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_99:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:sun:opensolaris:snv_01:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_02:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_03:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_04:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_05:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_06:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_07:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_08:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_09:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_10:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_20:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_21:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_22:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_23:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_24:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_25:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_26:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_27:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_28:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_29:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_30:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_31:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_32:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_33:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_34:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_35:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_36:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_37:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_38:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_39:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_40:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_41:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_42:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_43:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_44:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_45:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_46:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_47:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_48:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_49:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_50:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_51:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_52:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_53:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_54:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_55:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_56:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_57:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_58:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_59:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_60:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_61:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_62:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_63:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_64:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_65:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_66:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_67:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_68:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_69:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_70:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_71:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_72:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_73:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_74:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_75:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_76:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_77:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_78:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_79:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_80:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_81:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_82:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_83:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_84:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_85:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_86:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_87:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_88:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_89:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_90:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_91:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_92:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_93:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_94:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_95:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_96:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_97:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_98:*:x86:*:*:*:*:*
cpe:2.3:o:sun:opensolaris:snv_99:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
History

21 Nov 2024, 01:01

Type Values Removed Values Added
References () http://osvdb.org/52560 - () http://osvdb.org/52560 -
References () http://secunia.com/advisories/34225 - Vendor Advisory () http://secunia.com/advisories/34225 - Vendor Advisory
References () http://secunia.com/advisories/34435 - () http://secunia.com/advisories/34435 -
References () http://securitytracker.com/id?1021832 - Exploit () http://securitytracker.com/id?1021832 - Exploit
References () http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 - Patch, Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 - Patch, Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1 - Patch, Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1 - Patch, Vendor Advisory
References () http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm - () http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm -
References () http://www.securityfocus.com/bid/34062 - Exploit () http://www.securityfocus.com/bid/34062 - Exploit
References () http://www.vupen.com/english/advisories/2009/0657 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/0657 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/0814 - () http://www.vupen.com/english/advisories/2009/0814 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/49171 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/49171 -
Information

Published : 2009-03-11 14:19

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0873

Mitre link : CVE-2009-0873

CVE.ORG link : CVE-2009-0873

JSON object : View

Products Affected

sun

  • solaris
  • opensolaris
  • sunos
CWE
CWE-264

Permissions, Privileges, and Access Controls