vulnerability announce CVE-2009-2282 Solaris: access to vntsd
Synthesis of the vulnerability

A local attacker can connect to vntsd in order to access to the console of a guest virtual system.

Severity: 2/4. Consequences: privileged access/rights. Provenance: user shell. Means of attack: 1 attack. Ability of attacker: technician (2/4). Confidence: confirmed by the editor (5/5). Diffusion of the vulnerable configuration: high (3/3). Creation date: 26/06/2009.

Impacted products

• OpenSolaris versions
• Sun Solaris versions

Description of the vulnerability

The vntsd (Virtual Network Terminal Server Daemon for Logical Domains) daemon is used to access to guest system consoles via a telnet client. Normally, only an authorised client can access to the console. However, the vntsd_listen_thread() function of the usr/src/cmd/vntsd/listen.c file does not check if the uid associated to the local socket is an allowed user. Every local user can therefore access to all consoles. A local attacker can thus connect to vntsd in order to access to the console of a guest virtual system.

Characteristics

Title: Solaris: access to vntsd Identifiers: 262708, 6781539, BID-35502, CVE-2009-2282, VIGILANCE-VUL-8827. Url: https://vigilance.fr/tree/1/8827

Information sources

Publications and announces Source example: Security Vulnerability in the Virtual Network Terminal Server Daemon (vntsd(1M)) for Logical Domains (LDoms) May Allow Unauthorized Access to Guest Domain Console

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept