CVE-2009-2856

Published: Aug 18, 2009Modified: Apr 23, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

Affected (1)

Products: Sun: Virtual Desktop Infrastructure

1 product

Virtual Desktop Infrastructure

Configuration A

1 platform

Running on/with	Platform Versions
Sun Solaris	Version 10.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sun Virtual Desktop Infrastructure	Version 3.0

Running on/with	Platform Versions
Sun Solaris	Version 10.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://secunia.com/advisories/36330

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1

Source: cve@mitre.org

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/2282

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/36330

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141481-02-1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/2282

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.