vulnerability announce CVE-2009-2282

Solaris: access to vntsd

Synthesis of the vulnerability

A local attacker can connect to vntsd in order to access to the console of a guest virtual system.

Severity: 2/4. Creation date: 26/06/2009.

Description of the vulnerability

The vntsd (Virtual Network Terminal Server Daemon for Logical Domains) daemon is used to access to guest system consoles via a telnet client. Normally, only an authorised client can access to the console. However, the vntsd_listen_thread() function of the usr/src/cmd/vntsd/listen.c file does not check if the uid associated to the local socket is an allowed user. Every local user can therefore access to all consoles. A local attacker can thus connect to vntsd in order to access to the console of a guest virtual system.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Solaris: access to vntsd. Keywords: Daemon Domains Logical Network Server Solaris Terminal Virtual access vntsd vntsd_listen_thread. Identifiers: 262708, 6781539, BID-35502, CVE-2009-2282, VIGILANCE-VUL-8827.

Information sources

Publications and announces Source example: Security Vulnerability in the Virtual Network Terminal Server Daemon (vntsd(1M)) for Logical Domains (LDoms) May Allow Unauthorized Access to Guest Domain Console

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service