Vigil@nce: Solaris, access to Kerberized NFS shares
June 2009 by Vigil@nce
A local attacker can access to Kerberized NFS mount points.
Severity: 2/4
Consequences: user access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 04/06/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION OF THE VULNERABILITY
The access to the NFS service requires an authentication, based on
Unix accounts or on Kerberos.
When Kerberos is used, user credentials are kept in a local cache.
However, a local attacker can authenticate with cached
authentication data, belonging to another user. Technical details
are unknown.
A local attacker can therefore access to Kerberized NFS mount
points.
CHARACTERISTICS
Identifiers: 252787, 6802931, BID-35205, CVE-2009-1933,
VIGILANCE-VUL-8765
http://vigilance.fr/vulnerability/Solaris-access-to-Kerberized-NFS-shares-8765