Vulnerabilities > CVE-2009-3517 - Authentication Bypass vulnerability in IBM AIX 'nfs_portmon'

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
ibm
critical
nessus

Summary

nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

Vulnerable Configurations

Part Description Count
OS
Ibm
7

Nessus

  • NASL family: AIX Local Security Checks
    NASL id: AIX_U825202.NASL
    description: The remote host is missing AIX PTF U825202, which is related to the security of the package bos.net.nfs.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39706
    published: 2009-07-09
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39706
    title: AIX 5.3 TL 9 : bos.net.nfs.client (U825202)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were extracted
    # from AIX Security PTF U825202. The text itself is copyright (C)
    # International Business Machines Corp.
    #
    
    include("compat.inc");
    
    # Registration branch: when the scanner sets `description`, the script only
    # records the plugin metadata below and exits; no host data is read here.
    if (description)
    {
      script_id(39706);
      script_version ("1.4");
      script_cvs_date("Date: 2019/09/16 14:12:54");
    
      # Both CVEs are tied to this one PTF, so a finding from this plugin does
      # not distinguish between them.
      script_cve_id("CVE-2009-3516", "CVE-2009-3517");
    
      script_name(english:"AIX 5.3 TL 9 : bos.net.nfs.client (U825202)");
      script_summary(english:"Check for PTF U825202");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is missing AIX PTF U825202, which is related to the
    security of the package bos.net.nfs.client."
      );
      # Vendor reference for the fix (plain-http IBM support URL).
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate missing security-related fix."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(255);
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host, so the network-rated vector above describes the flaw itself, not
      # how this check reaches the target.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");
    
      # Disclosure and patch dates are recorded as the same day.
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      # Runs after ssh_get_info.nasl, which presumably populates the Host/AIX/*
      # knowledge-base keys required below (its source is not shown here).
      # Without those keys (e.g. an uncredentialed scan) the check has nothing
      # to evaluate, so the absence of a finding is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    
    # Preconditions read from the scan knowledge base: local checks must be
    # enabled, an AIX version must have been recorded, and the lslpp fileset
    # listing must be available. Each failure is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/AIX/version"))
      audit(AUDIT_OS_NOT, "AIX");
    if (!get_kb_item("Host/AIX/lslpp"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # aix_check_patch() is provided by aix.inc (not shown); this script treats a
    # negative return value as "PTF U825202 is missing". The ml argument
    # presumably scopes the comparison to maintenance level 5300-09.
    ptf_missing = FALSE;
    if (aix_check_patch(ml:"530009", patch:"U825202", package:"bos.net.nfs.client.5.3.9.3") < 0)
      ptf_missing = TRUE;
    
    # The verdict is based on fileset inventory only: nothing here inspects the
    # nfs_portmon setting or the host's NFS exports.
    if (!ptf_missing)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Port 0: the finding is attached to the host rather than to a service.
      if (report_verbosity > 0)
        security_hole(port:0, extra:aix_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U823931.NASL
    description: The remote host is missing AIX PTF U823931, which is related to the security of the package bos.net.nfs.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39079
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39079
    title: AIX 6.1 TL 1 : bos.net.nfs.client (U823931)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were extracted
    # from AIX Security PTF U823931. The text itself is copyright (C)
    # International Business Machines Corp.
    #
    
    include("compat.inc");
    
    # Registration branch: when the scanner sets `description`, the script only
    # records the plugin metadata below and exits; no host data is read here.
    if (description)
    {
      script_id(39079);
      script_version ("1.4");
      script_cvs_date("Date: 2019/09/16 14:12:53");
    
      # Both CVEs are tied to this one PTF, so a finding from this plugin does
      # not distinguish between them.
      script_cve_id("CVE-2009-3516", "CVE-2009-3517");
    
      script_name(english:"AIX 6.1 TL 1 : bos.net.nfs.client (U823931)");
      script_summary(english:"Check for PTF U823931");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is missing AIX PTF U823931, which is related to the
    security of the package bos.net.nfs.client."
      );
      # Two vendor references are registered for this PTF (plain-http IBM
      # support URLs).
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate missing security-related fix."
      );
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(255);
    
      # "local" plugin type: the verdict is derived from data collected on the
      # host, so the network-rated vector above describes the flaw itself, not
      # how this check reaches the target.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");
    
      # Disclosure and patch dates are recorded as the same day.
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      # Runs after ssh_get_info.nasl, which presumably populates the Host/AIX/*
      # knowledge-base keys required below (its source is not shown here).
      # Without those keys (e.g. an uncredentialed scan) the check has nothing
      # to evaluate, so the absence of a finding is not evidence of a patched host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    
    # Preconditions read from the scan knowledge base: local checks must be
    # enabled, an AIX version must have been recorded, and the lslpp fileset
    # listing must be available. Each failure is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/AIX/version"))
      audit(AUDIT_OS_NOT, "AIX");
    if (!get_kb_item("Host/AIX/lslpp"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # aix_check_patch() is provided by aix.inc (not shown); this script treats a
    # negative return value as "PTF U823931 is missing". The ml argument
    # presumably scopes the comparison to maintenance level 6100-01.
    ptf_missing = FALSE;
    if (aix_check_patch(ml:"610001", patch:"U823931", package:"bos.net.nfs.client.6.1.1.5") < 0)
      ptf_missing = TRUE;
    
    # The verdict is based on fileset inventory only: nothing here inspects the
    # nfs_portmon setting or the host's NFS exports.
    if (!ptf_missing)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # Port 0: the finding is attached to the host rather than to a service.
      if (report_verbosity > 0)
        security_hole(port:0, extra:aix_report_get());
      else
        security_hole(0);
      exit(0);
    }
    
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U825042.NASL
    description: The remote host is missing AIX PTF U825042, which is related to the security of the package bos.net.nfs.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39637
    published: 2009-07-09
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39637
    title: AIX 5.3 TL 7 : bos.net.nfs.client (U825042)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U823848.NASL
    description: The remote host is missing AIX PTF U823848, which is related to the security of the package bos.net.nfs.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39026
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39026
    title: AIX 6.1 : bos.net.nfs.client (U823848)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U825103.NASL
    description: The remote host is missing AIX PTF U825103, which is related to the security of the package bos.net.nfs.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39666
    published: 2009-07-09
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39666
    title: AIX 5.3 TL 8 : bos.net.nfs.client (U825103)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U824054.NASL
    description: The remote host is missing AIX PTF U824054, which is related to the security of the package bos.net.nfs.client.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39136
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39136
    title: AIX 6.1 TL 2 : bos.net.nfs.client (U824054)

Oval

accepted: 2009-11-30T04:00:35.147-05:00
class: vulnerability
contributors:
name: Pai Peng
organization: Hewlett-Packard
definition_extensions:
  • comment: IBM AIX 5300-07 is installed
    oval: oval:org.mitre.oval:def:5707
  • comment: IBM AIX 5300-08 is installed
    oval: oval:org.mitre.oval:def:5293
  • comment: IBM AIX 5300-09 is installed
    oval: oval:org.mitre.oval:def:6306
  • comment: IBM AIX 6100-00 is installed
    oval: oval:org.mitre.oval:def:5589
  • comment: IBM AIX 6100-01 is installed
    oval: oval:org.mitre.oval:def:5959
  • comment: IBM AIX 6100-02 is installed
    oval: oval:org.mitre.oval:def:5685
description: nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
family: unix
id: oval:org.mitre.oval:def:6366
status: accepted
submitted: 2009-10-09T14:55:01.000-04:00
title: AIX NFSv4 nfs_portmon vulnerability
version: 42