Executive Summary

Summary
Title Sun Alert 262668 Security Vulnerability in the Solaris Network File System Version 4 (NFSv4) 'nfs_portmon' Tunable May Allow Unauthorized Network Access
Informations
Name SUN-262668 First vendor Publication 2009-06-30
Vendor Sun Last vendor Modification 2009-06-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

A security vulnerability in the Solaris NFSv4 Server Kernel Module 'nfs_portmon' tunable may allow certain remote unprivileged users to gain unauthorized network access to share resources, thereby allowing those users to access (read and write) arbitrary files.

Sun acknowledges with thanks, Anton Lundin for bringing this issue to our attention

State: Resolved
First released: 30-Jun-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_262668_security_vulnerability

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 375
Os 2

Open Source Vulnerability Database (OSVDB)

Id Description
55519 Solaris NFSv4 Server Kernel Module nfs_portmon Tunable Shared Resource Restri...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-07-09 IAVM : 2009-T-0040 - Sun Solaris Network File System Unauthorized Network Access Vulnerability
Severity : Category II - VMSKEY : V0019716

Snort® IPS/IDS

Date Description
2014-01-10 IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt
RuleID : 20248 - Revision : 4 - Type : PROTOCOL-RPC