Vulnerability CVE-2009-2491
Published: 2009-07-16   Modified: 2012-02-13

Description:
The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks."

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> Ray server software 

 References:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253889-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1
http://xforce.iss.net/xforce/xfdb/51742
http://www.vupen.com/english/advisories/2009/1915
http://osvdb.org/55978
Copyright 2024, cxsecurity.com

 

Back to Top