| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability announce CVE-2009-2282
Solaris: access to vntsd
Synthesis of the vulnerability
| A local attacker can connect to vntsd in order to access to the console of a guest virtual system. |
Severity: 2/4.
Creation date: 26/06/2009.
|
Impacted products
Description of the vulnerability
The vntsd (Virtual Network Terminal Server Daemon for Logical Domains) daemon is used to access to guest system consoles via a telnet client.
Normally, only an authorised client can access to the console. However, the vntsd_listen_thread() function of the usr/src/cmd/vntsd/listen.c file does not check if the uid associated to the local socket is an allowed user. Every local user can therefore access to all consoles.
A local attacker can thus connect to vntsd in order to access to the console of a guest virtual system. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Solaris: access to vntsd.
Keywords: Daemon Domains Logical Network Server Solaris Terminal Virtual access vntsd vntsd_listen_thread.
Identifiers: 262708, 6781539, BID-35502, CVE-2009-2282, VIGILANCE-VUL-8827.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
Vigil@nce provides a systems vulnerabilities management. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system.
|
