Executive Summary
Summary | |
---|---|
Title | Sun Alert 262708 Security Vulnerability in the Virtual Network Terminal Server Daemon (vntsd(1M)) for Logical Domains (LDoms) May Allow Unauthorized Access to Guest Domain Console |
Informations | |||
---|---|---|---|
Name | SUN-262708 | First vendor Publication | 2009-06-25 |
Vendor | Sun | Last vendor Modification | 2009-06-25 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 10 Operating System OpenSolaris A security vulnerability in the Solaris Virtual Network Terminal Server SPARC Platform
Notes: Solaris 8 and Solaris 9 are not affected as they do not support LDoms. Solaris on the x86 Platform is not affected by this issue as Logical Domains (LDoms) There are no predictable symptoms to indicate that this issue has been Until the resolution patches are applied, it is possible to 2. Allow console access to guest domains only from a separate sparse root zone. ldmctrl:#> svccfg -s vntsd setprop vntsd/listen_addr = <IP-address-of-sparse-root-zone> ldmctrl:#> svcadm refresh vntsd ldmctrl:#> svcadm enable vntsd Firewall rules may be required to allow access only from the This issue is addressed in the following releases:
For more information on Security Sun Alerts, see Technical Instruction ID 213557 http://sunsolve.sun.com/search/document.do?assetkey=1-61-213557-1 This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.
State: Resolved First released: 25-Jun-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_262708_security_vulnerability |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-51 | Poison Web Service Registry |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-77 | Manipulating User-Controlled Variables |
CAPEC-87 | Forceful Browsing |
CAPEC-104 | Cross Zone Scripting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 3 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55329 | Solaris Virtual Network Terminal Server vntsd Daemon for Logical Domains Unau... |
Alert History
Date | Informations |
---|---|
2013-02-06 19:08:24 |
|