CVE-2009-0872

CVE-2009-0872 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.

Learn more about our Cis Benchmark Audit For Oracle Solaris.