Vulnerability in Sun Virtual Desktop Infrastructure Allows Unauthorized Data Access
CVE-2009-2856

Currently unrated

Key Information:

Vendor: Oracle
Status: Virtual Desktop Infrastructure
Vendor: CVE Published:; 18 August 2009

Summary

The Sun Virtual Desktop Infrastructure (VDI) 3.0 suffers from an improper input handling vulnerability when anonymous binding is enabled. This flaw allows remote attackers to intercept and read VDI configuration data requests in cleartext by sniffing LDAP sessions on the network. It poses a significant risk as attackers can exploit this to obtain sensitive configuration information, potentially leading to further exploitation within the affected environment.

References

http://www.vupen.com/english/advisories/2009/2282

vdb-entryx_refsource_VUPEN

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/36330

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 18, 2009