CVE-2019-9579
HIGH
8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none
Description
AI Translation Available
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream).
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0069
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
276
Incorrect Default Permissions
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Potential Impacts:
Read Application Data
Modify Application Data
Applicable Platforms
Technologies:
Not Technology-Specific, ICS/OT
Operating System
Solaris by Oracle
CPE Identifier
View Detailed Analysis
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Illumos by Illumos
CPE Identifier
View Detailed Analysis
cpe:2.3:a:illumos:illumos:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.illumos.org/issues/10506
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.illumos.org/issues/10506
https://www.oracle.com/security-alerts/cpuapr2020.html