CVE-2009-2282

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Sun Solaris 10 OpenSolaris versions snv 41 through snv 108

Description The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) on SPARC platforms does not check authorization for guest console access. This allows local control-domain users to gain guest-domain privileges via unknown vectors.

Recommendations For Sun Solaris 10, update the system to include the fix for the authorization issue in the Virtual Network Terminal Server daemon. For OpenSolaris versions snv 41 through snv 108, update the system to a version outside of this range to ensure the inclusion of the fix for the authorization issue in the Virtual Network Terminal Server daemon.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2009-2282

Affected Products

Opensolaris

Sun Solaris 10

CVE-2009-2282

Weakness Enumeration

Related Identifiers

Affected Products

References · 7