Vigil@nce: AIX, access to NFSv4

October 2009 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can use two vulnerabilities of NFSv4 in order to
access network shares.

Severity: 2/4

Consequences: data reading, data creation/modification, data deletion

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 2

Creation date: 30/09/2009

IMPACTED PRODUCTS

 IBM AIX

DESCRIPTION OF THE VULNERABILITY

The NFSv4 (Network File System version 4) service can be enabled
on AIX. It is impacted by two vulnerabilities.

When NFSv4 access is Kerberized, a vulnerability in the
Kerberos credential cache can be used by a local attacker to
access a share without authorization. [grav:2/4; BID-36545,
CVE-2009-3516]

The nfs_portmon configuration directive requires NFS clients
that connect to the local server to use a privileged source port
number (between 512 and 1023). However, this directive is not
honoured when version 4 of NFS is used. An NFSv4 client can
therefore connect to the NFS server with a source port number
higher than 1024. [grav:2/4; BID-36544, CVE-2009-3517]
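
The source-port condition described above can be audited from the server side. The script below is an added example, not part of the bulletin or of IBM's code: it reads BSD/AIX-style `netstat -an` output and lists NFS clients connected from a source port outside the 512-1023 range. The function names, the sample addresses and the assumed netstat layout are illustrative assumptions.

```shell
#!/bin/sh
# Added example: flag NFS clients whose TCP source port is outside the
# privileged range the bulletin gives for nfs_portmon (512-1023).
# Assumption: input is BSD/AIX-style `netstat -an` output, where each
# address is printed as a.b.c.d.port (the port follows the last dot).

NFS_PORT=2049      # standard NFS server port (NFSv4 runs over TCP 2049)
PRIV_LOW=512       # lower bound of the range, as stated in the bulletin
PRIV_HIGH=1023     # upper bound of the range, as stated in the bulletin

# Reads netstat lines on stdin. Prints "client_ip client_port" for every
# established TCP connection to the local NFS port whose client port is
# outside PRIV_LOW..PRIV_HIGH.
flag_unprivileged_nfs_clients() {
    awk -v nfs="$NFS_PORT" -v lo="$PRIV_LOW" -v hi="$PRIV_HIGH" '
        # Split "a.b.c.d.port" at the last dot.
        function port_of(s,   n, p) { n = split(s, p, "."); return p[n] + 0 }
        function addr_of(s) { sub(/\.[0-9]+$/, "", s); return s }
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            lport = port_of($4); fport = port_of($5)
            if (lport == nfs && (fport < lo || fport > hi))
                print addr_of($5), fport
        }'
}

# Constructed sample data (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.2049        192.0.2.21.1021        ESTABLISHED
tcp4       0      0  192.0.2.10.2049        192.0.2.22.40112       ESTABLISHED
tcp4       0      0  192.0.2.10.22          192.0.2.23.51515       ESTABLISHED
tcp4       0      0  192.0.2.10.2049        192.0.2.24.300         ESTABLISHED
tcp4       0      0  *.2049                 *.*                    LISTEN
EOF
}

# Demonstration on the constructed sample; on a server, pipe `netstat -an` in.
sample_netstat | flag_unprivileged_nfs_clients
```
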

An attacker can therefore use two vulnerabilities of NFSv4 in
order to access network shares.

CHARACTERISTICS

Identifiers: BID-36544, BID-36545, CVE-2009-3516, CVE-2009-3517,
VIGILANCE-VUL-9058

http://vigilance.fr/vulnerability/AIX-access-to-NFSv4-9058

