Executive Summary
Summary | |
---|---|
Title | Sun Alert 262668 Security Vulnerability in the Solaris Network File System Version 4 (NFSv4) 'nfs_portmon' Tunable May Allow Unauthorized Network Access |
Informations | |||
---|---|---|---|
Name | SUN-262668 | First vendor Publication | 2009-06-30 |
Vendor | Sun | Last vendor Modification | 2009-06-30 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 10 Operating System OpenSolaris A security vulnerability in the Solaris NFSv4 Server Kernel Module 'nfs_portmon' tunable may allow certain remote unprivileged users to gain unauthorized network access to share resources, thereby allowing those users to access (read and write) arbitrary files. Sun acknowledges with thanks, Anton Lundin for bringing this issue to our attention State: Resolved First released: 30-Jun-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_262668_security_vulnerability |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55519 | Solaris NFSv4 Server Kernel Module nfs_portmon Tunable Shared Resource Restri... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-07-09 | IAVM : 2009-T-0040 - Sun Solaris Network File System Unauthorized Network Access Vulnerability Severity : Category II - VMSKEY : V0019716 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | IBM AIX and Oracle Solaris nfsd v4 nfs_portmon security bypass attempt RuleID : 20248 - Revision : 4 - Type : PROTOCOL-RPC |