CVE DATABASE / CVE-2009-2282
CVE-2009-2282
CVSS 4.6 · MEDIUM
Summary
The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.
CVSS 2.0 breakdown
| Base score | 4.6 (MEDIUM) |
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Oracle opensolarisOracle solaris
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://secunia.com/advisories/35547
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-141778-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-262708-1
- http://www.osvdb.org/55329
- http://www.securityfocus.com/bid/35502
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.