Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability announce CVE-2009-2282

Solaris: access to vntsd

Synthesis of the vulnerability

A local attacker can connect to vntsd in order to access to the console of a guest virtual system.
Severity: 2/4.
Creation date: 26/06/2009.

Impacted products

Description of the vulnerability

The vntsd (Virtual Network Terminal Server Daemon for Logical Domains) daemon is used to access to guest system consoles via a telnet client.

Normally, only an authorised client can access to the console. However, the vntsd_listen_thread() function of the usr/src/cmd/vntsd/listen.c file does not check if the uid associated to the local socket is an allowed user. Every local user can therefore access to all consoles.

A local attacker can thus connect to vntsd in order to access to the console of a guest virtual system.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

Solaris: access to vntsd

Characteristics

Title: Solaris: access to vntsd.
Keywords: Daemon Domains Logical Network Server Solaris Terminal Virtual access vntsd vntsd_listen_thread.
Identifiers: 262708, 6781539, BID-35502, CVE-2009-2282, VIGILANCE-VUL-8827.

Information sources

Publications and announces
Source example: Security Vulnerability in the Virtual Network Terminal Server Daemon (vntsd(1M)) for Logical Domains (LDoms) May Allow Unauthorized Access to Guest Domain Console

Solutions for this vulnerability

Patch or workaround

Supplements

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

Vigil@nce provides a systems vulnerabilities management. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française