Vigil@nce: AIX, incorrect processing of NFSv4 groups
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
The NFSv4 service of AIX does not correctly manage users’ groups,
so an attacker can bypass access restrictions.
– Impacted products: AIX
– Severity: 2/4
– Creation date: 14/09/2012
DESCRIPTION OF THE VULNERABILITY
The AIX system provides an NFS service, so that remote
authenticated users can access their files.
However, the NFSv4 service of AIX does not correctly manage users’
groups, so an attacker can bypass access restrictions.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/AIX-incorrect-processing-of-NFSv4-groups-11945