gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
References
| Link | Resource |
|---|---|
| http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc | Patch Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278 | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444 | |
| http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496 | Vendor Advisory |
| http://www.securityfocus.com/bid/36545 | Patch |
| http://www.vupen.com/english/advisories/2009/2788 | Vendor Advisory |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-10-01T15:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2009-10-01T00:00:00
Link: CVE-2009-3516
JSON object: View
NVD Information
Status : Modified
Published: 2009-10-01T15:30:00.313
Modified: 2017-09-19T01:29:38.610
Link: CVE-2009-3516
JSON object: View
Redhat Information
No data.
CWE