Lucene search

MitreCVE-2009-2856

HistoryAug 18, 2009 - 10:30 p.m.

CVE-2009-2856

2009-08-1822:30:00

CWE-200

mitre

web.nvd.nist.gov

cve-2009-2856

sun

virtual desktop infrastructure

vdi

anonymous binding

ldap

network security

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client’s attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

Affected configurations

Nvd

Node

sunvirtual_desktop_infrastructureMatch3.0

AND

sunsolarisMatch10.0x86

Node

sunvirtual_desktop_infrastructureMatch3.0

AND

sunsolarisMatch10.0sparc

VendorProductVersionCPE
sunvirtual_desktop_infrastructure3.0cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:*:*:*:*:*:*:*
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
sunsolaris10.0cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*

Vendor	Product	Version	CPE
sun	virtual_desktop_infrastructure	3.0	cpe:2.3:a:sun:virtual_desktop_infrastructure:3.0:::::::*
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::x86:::::
sun	solaris	10.0	cpe:2.3:o:sun:solaris:10.0::sparc:::::

References

secunia.com/advisories/36330

sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1

sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

www.vupen.com/english/advisories/2009/2282

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

48.8%

JSON

Related for CVE-2009-2856