Sun Ray Server Admin Graphical User Interface Administrator Password Disclosure Vulnerabilities

Bugtraq ID:	22192
Class:	Design Error
CVE:	CVE-2007-0482
Remote:	No
Local:	Yes
Published:	Jan 23 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	The vendor reported these issues.
Vulnerable:	Sun Ray Server Software 2.0 Sun Ray Server Software 3.0
Not Vulnerable:

Sun Ray Server Admin Graphical User Interface Administrator Password Disclosure Vulnerabilities

The Sun Ray server is prone to multiple password-disclosure vulnerabilities.

An attacker can exploit these issues to gain 'utadmin' access to the affected server. This may lead to other attacks.

Sun Ray Server Admin Graphical User Interface Administrator Password Disclosure Vulnerabilities

An attacker can exploit these issues by gaining local interactive access to the affected server.

Sun Ray Server Admin Graphical User Interface Administrator Password Disclosure Vulnerabilities

Solution:
The vendor has released an advisory and various patches to address these issues. Please see the references for more information.


Sun Ray Server Software 3.0

• Sun 118979-02
  Solaris 8 and 9 on SPARC
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -118979-02-1


• Sun 119836-02
  Linux Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119836-02-1

Sun Ray Server Admin Graphical User Interface Administrator Password Disclosure Vulnerabilities

References:

• Sun Ray Server Homepage (Sun Microsystems)
  
• Sun Document ID 102779: Security Vulnerability in the Sun Ray Server Software A (Sun Microsystems)