CVE-2009-2491 - The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enable

CVE-2009-2491

Summary

The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks."

References

Vulnerable Configurations

cpe:2.3:a:sun:ray_server_software:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*

CVSS

Base:	4.4 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1
osvdb	55978
sunalert	253889
vupen	ADV-2009-1915
xf	sunray-utaudiod-unauth-access(51742)

Last major update

17-08-2017 - 01:30

Published

16-07-2009 - 16:30

Last modified

17-08-2017 - 01:30