Sun Solaris虚拟网络终端服务守护程序未授权访问漏洞

漏洞起因
设计错误
 
影响系统
Sun Solaris 10
Sun OpenSolaris build snv_99
Sun OpenSolaris build snv_96
Sun OpenSolaris build snv_95
Sun OpenSolaris build snv_94
Sun OpenSolaris build snv_93
Sun OpenSolaris build snv_92
Sun OpenSolaris build snv_91
Sun OpenSolaris build snv_90
Sun OpenSolaris build snv_89
Sun OpenSolaris build snv_88
Sun OpenSolaris build snv_87
Sun OpenSolaris build snv_86
Sun OpenSolaris build snv_85
Sun OpenSolaris build snv_84
Sun OpenSolaris build snv_83
Sun OpenSolaris build snv_82
Sun OpenSolaris build snv_81
Sun OpenSolaris build snv_80
Sun OpenSolaris build snv_78
Sun OpenSolaris build snv_77
Sun OpenSolaris build snv_76
Sun OpenSolaris build snv_68
Sun OpenSolaris build snv_67
Sun OpenSolaris build snv_64
Sun OpenSolaris build snv_61
Sun OpenSolaris build snv_59
Sun OpenSolaris build snv_58
Sun OpenSolaris build snv_57
Sun OpenSolaris build snv_54
Sun OpenSolaris build snv_50
Sun OpenSolaris build snv_47
Sun OpenSolaris build snv_45
Sun OpenSolaris build snv_41
Sun OpenSolaris build snv_108
Sun OpenSolaris build snv_107
Sun OpenSolaris build snv_106
Sun OpenSolaris build snv_105
Sun OpenSolaris build snv_104
Sun OpenSolaris build snv_104
Sun OpenSolaris build snv_103
Sun OpenSolaris build snv_102
Sun OpenSolaris build snv_101a
Sun OpenSolaris build snv_101
Sun OpenSolaris build snv_100
 
不受影响系统
Sun OpenSolaris build snv_109
 
危害
本地攻击者可以利用漏洞未授权访问客户域控制台。
 
攻击所需条件
攻击者必须访问Sun Solaris。
 
漏洞信息
Sun Solaris是一款商业性质的操作系统。
Solaris逻辑域的虚拟网络终端服务守护程序(vntsd)存在错误,允许控制域中的非特权用户获得对客户域控制台的访问。
目前没有详细漏洞细节提供。
 
测试方法
 
厂商解决方案
Solaris 10 SPARC平台可参考如下补丁:
141778-01及之后版本:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-262708-1
 
漏洞提供者
Sun
 
漏洞消息链接
http://secunia.com/advisories/35547/

发表评论?

0 条评论。

发表评论