Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Solaris, access to vntsd |
| July 2009 by Vigil@nce |
| A local attacker can connect to vntsd in order to access to the console of a guest virtual system. |
| Severity: 2/4 Consequences: privileged access/rights Provenance: user shell Means of attack: 1 attack Ability of attacker: technician (2/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: high (3/3) Creation date: 26/06/2009 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY The vntsd (Virtual Network Terminal Server Daemon for Logical Domains) daemon is used to access to guest system consoles via a telnet client. Normally, only an authorised client can access to the console. However, the vntsd_listen_thread() function of the usr/src/cmd/vntsd/listen.c file does not check if the uid associated to the local socket is an allowed user. Every local user can therefore access to all consoles. A local attacker can thus connect to vntsd in order to access to the console of a guest virtual system. CHARACTERISTICS Identifiers: 262708, 6781539, BID-35502, VIGILANCE-VUL-8827 http://vigilance.fr/vulnerability/Solaris-access-to-vntsd-8827 |
< previous next > |
OpenSolaris
