Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15842
HistoryJan 24, 2007 - 12:00 a.m.

[SA23900] Sun Ray Server Software Password Disclosure

2007-01-2400:00:00
vulners.com
10
JSON

TITLE:
Sun Ray Server Software Password Disclosure

SECUNIA ADVISORY ID:
SA23900

VERIFY ADVISORY:
http://secunia.com/advisories/23900/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
Sun Ray Server Software (SRSS) 3.x
http://secunia.com/product/11259/
Sun Ray Server Software (SRSS) 2.x
http://secunia.com/product/3475/

DESCRIPTION:
Sun has acknowledged a security issue in Sun Ray Server Software,
which can be exploited by malicious, local users to gain sensitive
information.

The security issue is caused due to an unspecified error and can be
exploited to disclose the administrator's password if an
administrator logs into the Sun Ray Administration Tool or if the
attacker has read access to the logfiles of Sun Ray Server Software's
private webserver or similar.

The security issue is reported in Sun Ray Server Software 2.0 and
3.0. Other versions may also be affected.

SOLUTION:
Apply patches.

– SPARC Platform –

Sun Ray Server Software 2.0 for Solaris 8 and 9:
Apply patch 114880-10.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114880-10-1

Sun Ray Server Software 3.0 for Solaris 8, 9, and 10:
Apply patch 118979-02.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118979-02-1

– Linux Platform –

Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0):
Apply patch 119836-02.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-119836-02-1

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

JSON