Vulnerability Description
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Virtual Desktop Infrastructure | 3.0 |
| Sun | Solaris | 10.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36330 (Vendor Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1 (Patch)
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1 (Patch, Vendor Advisory)
- http://www.vupen.com/english/advisories/2009/2282 (Patch, Vendor Advisory)
FAQ
What is CVE-2009-2856?
CVE-2009-2856 is a vulnerability with a CVSS score of 3.5 (LOW). Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow r...
How severe is CVE-2009-2856?
CVE-2009-2856 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2856?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Virtual Desktop Infrastructure, Sun Solaris.