Executive Summary

Title Sun Alert 240866 Security Vulnerability in Solaris 10 NFS Remote Procedure Calls (RPCs) May Allow a Denial of Service (DoS) or Data Integrity Issues for Non-Global Zones
Name SUN-240866 First vendor Publication 2008-08-25
Vendor Sun Last vendor Modification 2008-08-25
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Solaris 10 Operating System OpenSolaris

A security vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation may allow a local user with administrative privileges in a non-global zone to intercept and corrupt NFS traffic destined for other non-global zones on the system.?? This may result in a Denial of Service (DoS) to the NFS services in the affected non-global zones.

Sun acknowledges with thanks, Hewitt Associates for reporting this issues.

State: Resolved
First released: 25-Aug-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_240866_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Os 264
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
47826 Solaris NFS RPC Zones Arbitrary Non-local Zone Local NFS Traffic Manipulation

Solaris contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation allows an attacker to intercept and corrupt NFS traffic occurs, and will result in loss of availability for the service.

Alert History

If you want to see full details history, please login or register.
Date Informations
2013-02-06 19:08:18
  • Multiple Updates