CVE-2009-3516

{"id": "CVE-2009-3516", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-10-01T15:30:00.313", "references": [{"url": "http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50444", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50496", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36545", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2788", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6318", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors."}, {"lang": "es", "value": "gssd en IBM AIX v5.3.x hasta v5.3.9 y v6.1.0 hasta v6.1.2 no maneja adecuadamente las credenciales de cach\u00e9 NFSv4 Kerberos, lo que permite a atacantes locales eludir las restricciones de acceso para el recurso compartido \"Kerberized NFSv4\" a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-09-19T01:29:38.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DE57C2-E728-4016-9774-28FB4B0509AB"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B11497-5622-4759-906A-A93A3E815584"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9CD013-D904-45DF-AD43-493A22D5744B"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF417123-CCB6-48AF-A21B-1974173D516B"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}