Think you have a false positive on this rule?

Sid 1-20248

Message

PROTOCOL-RPC IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt

Summary

The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv119, does not properly implement the nfsportmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

Impact

CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2009-2296:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2009-3517:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2009-2296: The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv119, does not properly implement the nfsportmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.

CVE-2009-3517: nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

Affected systems

  • sun opensolaris snv_01
  • sun opensolaris snv_02
  • sun opensolaris snv_03
  • sun opensolaris snv_04
  • sun opensolaris snv_05
  • sun opensolaris snv_06
  • sun opensolaris snv_07
  • sun opensolaris snv_08
  • sun opensolaris snv_09
  • sun opensolaris snv_10
  • sun opensolaris snv_11
  • sun opensolaris snv_12
  • sun opensolaris snv_13
  • sun opensolaris snv_14
  • sun opensolaris snv_15
  • sun opensolaris snv_16
  • sun opensolaris snv_17
  • sun opensolaris snv_18
  • sun opensolaris snv_19
  • sun opensolaris snv_20
  • sun opensolaris snv_21
  • sun opensolaris snv_22
  • sun opensolaris snv_23
  • sun opensolaris snv_24
  • sun opensolaris snv_25
  • sun opensolaris snv_26
  • sun opensolaris snv_27
  • sun opensolaris snv_28
  • sun opensolaris snv_29
  • sun opensolaris snv_30
  • sun opensolaris snv_31
  • sun opensolaris snv_32
  • sun opensolaris snv_33
  • sun opensolaris snv_34
  • sun opensolaris snv_35
  • sun opensolaris snv_36
  • sun opensolaris snv_37
  • sun opensolaris snv_38
  • sun opensolaris snv_39
  • sun opensolaris snv_40
  • sun opensolaris snv_41
  • sun opensolaris snv_42
  • sun opensolaris snv_43
  • sun opensolaris snv_44
  • sun opensolaris snv_45
  • sun opensolaris snv_46
  • sun opensolaris snv_47
  • sun opensolaris snv_48
  • sun opensolaris snv_49
  • sun opensolaris snv_50
  • sun opensolaris snv_51
  • sun opensolaris snv_52
  • sun opensolaris snv_53
  • sun opensolaris snv_54
  • sun opensolaris snv_55
  • sun opensolaris snv_56
  • sun opensolaris snv_57
  • sun opensolaris snv_58
  • sun opensolaris snv_59
  • sun opensolaris snv_60
  • sun opensolaris snv_61
  • sun opensolaris snv_62
  • sun opensolaris snv_63
  • sun opensolaris snv_64
  • sun opensolaris snv_65
  • sun opensolaris snv_66
  • sun opensolaris snv_67
  • sun opensolaris snv_68
  • sun opensolaris snv_69
  • sun opensolaris snv_70
  • sun opensolaris snv_71
  • sun opensolaris snv_72
  • sun opensolaris snv_73
  • sun opensolaris snv_74
  • sun opensolaris snv_75
  • sun opensolaris snv_76
  • sun opensolaris snv_77
  • sun opensolaris snv_78
  • sun opensolaris snv_79
  • sun opensolaris snv_80
  • sun opensolaris snv_81
  • sun opensolaris snv_82
  • sun opensolaris snv_83
  • sun opensolaris snv_84
  • sun opensolaris snv_85
  • sun opensolaris snv_86
  • sun opensolaris snv_87
  • sun opensolaris snv_88
  • sun opensolaris snv_89
  • sun opensolaris snv_90
  • sun opensolaris snv_91
  • sun opensolaris snv_92
  • sun opensolaris snv_93
  • sun opensolaris snv_94
  • sun opensolaris snv_95
  • sun opensolaris snv_96
  • sun opensolaris snv_97
  • sun opensolaris snv_98
  • sun opensolaris snv_99
  • sun opensolaris snv_100
  • sun opensolaris snv_101
  • sun opensolaris snv_102
  • sun opensolaris snv_103
  • sun opensolaris snv_104
  • sun opensolaris snv_105
  • sun opensolaris snv_106
  • sun opensolaris snv_107
  • sun opensolaris snv_108
  • sun opensolaris snv_109
  • sun opensolaris snv_110
  • sun opensolaris snv_111
  • sun opensolaris snv_112
  • sun opensolaris snv_113
  • sun opensolaris snv_114
  • sun opensolaris snv_115
  • sun opensolaris snv_116
  • sun opensolaris snv_117
  • sun opensolaris snv_118
  • sun solaris 10
  • ibm aix 5.3.0
  • ibm aix 5.3.7
  • ibm aix 5.3.8
  • ibm aix 6.1
  • ibm aix 6.1.0
  • ibm aix 6.1.1
  • ibm aix 6.1.2

Ease of attack

CVE-2009-2296:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2009-3517:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References