Solaris 'nfs_portmon' Tunable Flaw May Let Remote Users Access Files on the Target System
SecurityTracker Alert ID: 1022492
SecurityTracker URL: http://securitytracker.com/id/1022492
CVE Reference: CVE-2009-2296
Updated: May 5 2010
Original Entry Date: Jul 1 2009
Impact:
Disclosure of system information, Disclosure of user information, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Description:
A vulnerability was reported in NFS on Solaris. A remote user can access files on the target server.
A remote user can exploit a flaw in the Solaris NFSv4 server kernel module 'nfs_portmon' tunable to gain read and write access to arbitrary files.
Anton Lundin reported this vulnerability.
Impact:
A remote user can access files on the target NFS share.
Solution:
Sun has issued a fix.
SPARC Platform
* Solaris 10 with patch 139991-03 or later
* OpenSolaris based upon builds snv_119 or later
x86 Platform
* Solaris 10 with patch 140109-03 or later
* OpenSolaris based upon builds snv_119 or later
The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1
Cause:
Access control error
Underlying OS:
UNIX (Solaris - SunOS)
Message History:
None.
Source Message Contents
Date: Wed, 1 Jul 2009 12:14:28 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-262668-1
262668
Security Vulnerability in the Solaris Network File System Version 4 (NFSv4) 'nfs_portmon' Tunable May Allow Unauthorized Network Access