|
|
>> Sun Ray Server Software Data Manipulation and Denial of Service Issues
|
Title : Sun Ray Server Software Data Manipulation and Denial of Service Issues
VUPEN ID : VUPEN/ADV-2007-4269
CVE ID : CVE-2007-6481 - CVE-2007-6482
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-20
|
Multiple vulnerabilities have been identified in Sun Ray Server Software (SRSS), which could be exploited by attackers to bypass security restrictions and cause a denial of service. This issue is caused by an unspecified error in the Sun Ray Device Manager daemon (utdevmgrd), which may allow a local or remote unprivileged user to create or delete arbitrary directories on the server, or cause the Device Manager daemon to crash resulting in an interruption of peripheral device service to Sun Ray users.
Affected Products
Sun Ray Server Software versions 2.x
Sun Ray Server Software versions 3.x
Solution
Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) SPARC - Apply patch 120879-07 or later
Sun Ray Server Software 3.1 (for Solaris 10) x86 - Apply patch 120880-07 or later
Sun Ray Server Software 3.1 (Linux) - Apply patch 120881-07 or later
Sun Ray Server Software 3.1.1 (Linux) - Apply patch 124388-02 or later
References
http://www.vupen.com/english/advisories/2007/4269
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1
Credits
Vulnerabilities reported by Danny Quist and Anthony Clark (Los Alamos National Labs).
ChangeLog
2007-12-20 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
