CVE-2008-5423
Summary
| CVE | CVE-2008-5423 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-11 15:30:00 UTC |
| Updated | 2018-10-30 16:25:00 UTC |
| Description | Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Novell | Suse Linux Enterprise Server | 8 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 9 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 8 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 9 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 3 | All | advanced_server | All |
| Operating System | Redhat | Enterprise Linux | 4 | All | advanced_server | All |
| Operating System | Redhat | Enterprise Linux | 3 | All | advanced_server | All |
| Operating System | Redhat | Enterprise Linux | 4 | All | advanced_server | All |
| Application | Sun | Java Desktop System | 2.0 | All | All | All |
| Application | Sun | Java Desktop System | 2.0 | All | All | All |
| Application | Sun | Ray Server Software | 3.0 | All | linux | All |
| Application | Sun | Ray Server Software | 3.0 | All | sparc | All |
| Application | Sun | Ray Server Software | 3.1 | All | linux | All |
| Application | Sun | Ray Server Software | 3.1 | All | sparc | All |
| Application | Sun | Ray Server Software | 3.1 | All | x86 | All |
| Application | Sun | Ray Server Software | 3.1.1 | All | linux | All |
| Application | Sun | Ray Server Software | 4.0 | All | linux | All |
| Application | Sun | Ray Server Software | 4.0 | All | sparc | All |
| Application | Sun | Ray Server Software | 4.0 | All | x86 | All |
| Application | Sun | Ray Server Software | 3.0 | All | linux | All |
| Application | Sun | Ray Server Software | 3.0 | All | sparc | All |
| Application | Sun | Ray Server Software | 3.1 | All | linux | All |
| Application | Sun | Ray Server Software | 3.1 | All | sparc | All |
| Application | Sun | Ray Server Software | 3.1 | All | x86 | All |
| Application | Sun | Ray Server Software | 3.1.1 | All | linux | All |
| Application | Sun | Ray Server Software | 4.0 | All | linux | All |
| Application | Sun | Ray Server Software | 4.0 | All | sparc | All |
| Application | Sun | Ray Server Software | 4.0 | All | x86 | All |
| Application | Sun | Ray Windows Connector | 1.1 | All | linux | All |
| Application | Sun | Ray Windows Connector | 1.1 | All | sparc | All |
| Application | Sun | Ray Windows Connector | 1.1 | All | x86 | All |
| Application | Sun | Ray Windows Connector | 2.0 | All | linux | All |
| Application | Sun | Ray Windows Connector | 2.0 | All | sparc | All |
| Application | Sun | Ray Windows Connector | 2.0 | All | x86 | All |
| Application | Sun | Ray Windows Connector | 1.1 | All | linux | All |
| Application | Sun | Ray Windows Connector | 1.1 | All | sparc | All |
| Application | Sun | Ray Windows Connector | 1.1 | All | x86 | All |
| Application | Sun | Ray Windows Connector | 2.0 | All | linux | All |
| Application | Sun | Ray Windows Connector | 2.0 | All | sparc | All |
| Application | Sun | Ray Windows Connector | 2.0 | All | x86 | All |
| Operating System | Sun | Solaris | 10 | All | sparc | All |
| Operating System | Sun | Solaris | 10 | All | x86 | All |
| Operating System | Sun | Solaris | 8 | All | sparc | All |
| Operating System | Sun | Solaris | 9 | All | sparc | All |
| Operating System | Sun | Solaris | 10 | All | sparc | All |
| Operating System | Sun | Solaris | 10 | All | x86 | All |
| Operating System | Sun | Solaris | 8 | All | sparc | All |
| Operating System | Sun | Solaris | 9 | All | sparc | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Sun Ray Server Software Two Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| ASA-2008-500 (SUN 240506) | CONFIRM | support.avaya.com | |
| Sun Ray Server and Sun Ray Windows Connector Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| sunsolve.sun.com/search/document.do | CONFIRM | sunsolve.sun.com | Patch |
| sunsolve.sun.com/search/document.do | CONFIRM | sunsolve.sun.com | Patch, Vendor Advisory |
| Sun Ray Server Lets Local Users Obtain the Administrative Password in Certain Cases - SecurityTracker | SECTRACK | securitytracker.com | |
| 240506 | SUNALERT | sunsolve.sun.com | Patch |
| Sun Ray Windows Connector Information Disclosure Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.