CVE-2009-3706 [Medium] | Security Bypass in Opensolaris

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-12-28	0.06%	0.05%	-0.01%
2	2025-12-27	0.05%	0.06%	+0.01%
3	2025-10-28	—	0.05%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-12-28

0.06%

0.05%

-0.01%

2025-12-27

0.05%

0.06%

+0.01%

2025-10-28

—

0.05%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.4	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	3.4	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.4

2.0

MEDIUM

AV:L/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

3.4

6.4

[email protected]

NVD evaluator notes for CVE-2009-3706

Impact: Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265908-1 1. Impact A security vulnerability in the ZFS file system in OpenSolaris and Solaris 10 systems with patches 137137-09 (SPARC) or 137138-09 (x86) installed may allow a local unprivileged user with the 'file_chown_self' privilege to take ownership of files belonging to another user.

Comment: Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-265908-1 "Notes: 1. Solaris 8 and 9 are not impacted by this issue. 2. OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows: $ uname -v snv_86 3. This issue only affects systems with ZFS file systems where local users have been granted the {PRIV_FILE_CHOWN_SELF} (see chown(2)) privilege which allows them to modify ownership of files where the ownership matches the user's current effective user ID. If the default operating system configuration option '{_POSIX_CHOWN_RESTRICTED}' has been disabled then the 'file_chown_self' privilege is asserted in the inheritable set of all processes unless overridden by policy.conf(4) or user_attr(4)."

Affected software / configurations for CVE-2009-3706

Vendor	Product	Version	Raw CPE
sun	opensolaris	snv_100	cpe:2.3:o:sun:opensolaris:snv_100::sparc:::::
sun	opensolaris	snv_101	cpe:2.3:o:sun:opensolaris:snv_101::sparc:::::
sun	opensolaris	snv_102	cpe:2.3:o:sun:opensolaris:snv_102::sparc:::::
sun	opensolaris	snv_103	cpe:2.3:o:sun:opensolaris:snv_103::sparc:::::
sun	opensolaris	snv_104	cpe:2.3:o:sun:opensolaris:snv_104::sparc:::::
sun	opensolaris	snv_105	cpe:2.3:o:sun:opensolaris:snv_105::sparc:::::
sun	opensolaris	snv_106	cpe:2.3:o:sun:opensolaris:snv_106::sparc:::::
sun	opensolaris	snv_107	cpe:2.3:o:sun:opensolaris:snv_107::sparc:::::
sun	opensolaris	snv_108	cpe:2.3:o:sun:opensolaris:snv_108::sparc:::::
sun	opensolaris	snv_109	cpe:2.3:o:sun:opensolaris:snv_109::sparc:::::
sun	opensolaris	snv_110	cpe:2.3:o:sun:opensolaris:snv_110::sparc:::::
sun	opensolaris	snv_111	cpe:2.3:o:sun:opensolaris:snv_111::sparc:::::
sun	opensolaris	snv_112	cpe:2.3:o:sun:opensolaris:snv_112::sparc:::::
sun	opensolaris	snv_113	cpe:2.3:o:sun:opensolaris:snv_113::sparc:::::
sun	opensolaris	snv_114	cpe:2.3:o:sun:opensolaris:snv_114::sparc:::::
sun	opensolaris	snv_115	cpe:2.3:o:sun:opensolaris:snv_115::sparc:::::
sun	opensolaris	snv_116	cpe:2.3:o:sun:opensolaris:snv_116::sparc:::::
sun	opensolaris	snv_117	cpe:2.3:o:sun:opensolaris:snv_117::sparc:::::
sun	solaris	10	cpe:2.3:o:sun:solaris:10::sparc:::::
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::sparc:::::
sun	opensolaris	snv_100	cpe:2.3:o:sun:opensolaris:snv_100::x86:::::
sun	opensolaris	snv_101	cpe:2.3:o:sun:opensolaris:snv_101::x86:::::
sun	opensolaris	snv_102	cpe:2.3:o:sun:opensolaris:snv_102::x86:::::
sun	opensolaris	snv_103	cpe:2.3:o:sun:opensolaris:snv_103::x86:::::
sun	opensolaris	snv_104	cpe:2.3:o:sun:opensolaris:snv_104::x86:::::
sun	opensolaris	snv_105	cpe:2.3:o:sun:opensolaris:snv_105::x86:::::
sun	opensolaris	snv_106	cpe:2.3:o:sun:opensolaris:snv_106::x86:::::
sun	opensolaris	snv_107	cpe:2.3:o:sun:opensolaris:snv_107::x86:::::
sun	opensolaris	snv_108	cpe:2.3:o:sun:opensolaris:snv_108::x86:::::
sun	opensolaris	snv_109	cpe:2.3:o:sun:opensolaris:snv_109::x86:::::
sun	opensolaris	snv_110	cpe:2.3:o:sun:opensolaris:snv_110::x86:::::
sun	opensolaris	snv_111	cpe:2.3:o:sun:opensolaris:snv_111::x86:::::
sun	opensolaris	snv_112	cpe:2.3:o:sun:opensolaris:snv_112::x86:::::
sun	opensolaris	snv_113	cpe:2.3:o:sun:opensolaris:snv_113::x86:::::
sun	opensolaris	snv_114	cpe:2.3:o:sun:opensolaris:snv_114::x86:::::
sun	opensolaris	snv_115	cpe:2.3:o:sun:opensolaris:snv_115::x86:::::
sun	opensolaris	snv_116	cpe:2.3:o:sun:opensolaris:snv_116::x86:::::
sun	opensolaris	snv_117	cpe:2.3:o:sun:opensolaris:snv_117::x86:::::
sun	solaris	10	cpe:2.3:o:sun:solaris:10::x86:::::

References for CVE-2009-3706

URL	Tags
http://secunia.com/advisories/37010	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141444-09-1	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265908-1	Patch Vendor Advisory
http://www.securityfocus.com/bid/36702
http://www.vupen.com/english/advisories/2009/2917	Vendor Advisory

URL

CVE-2009-3706

Exploit prediction scoring system (EPSS) score for CVE-2009-3706

Common vulnerability scoring system (CVSS) metrics for CVE-2009-3706

Weakness enumeration for CVE-2009-3706

NVD evaluator notes for CVE-2009-3706

Affected software / configurations for CVE-2009-3706

References for CVE-2009-3706