A vulnerability has been identified in Sun Ray Windows Connector, which could be exploited by local attackers to compromise a vulnerable system. This issue is caused by an unspecified error when configuring the software products, which could allow a local unprivileged user to gain knowledge of the Sun Ray administration password and gain access the Sun Ray Administration GUI.

Affected Products

Sun Ray Windows Connector version 1.1
Sun Ray Windows Connector version 2.0

Solution

Sun Ray Windows Connector 2.0 (for SRSS 4.0 / SPARC) - Apply patch 127556-03 or later
Sun Ray Windows Connector 1.1 (for SRSS 3.1 / SPARC) - Apply patch 124847-04 or later

Sun Ray Windows Connector 2.0 (for SRSS 4.0 / x86) - Apply patch 127557-03 or later
Sun Ray Windows Connector 1.1 (for SRSS 3.1 / x86) - Apply patch 124848-04 or later

Sun Ray Windows Connector 2.0 (for SRSS 4.0 / Linux) - Apply patch 127558-03 or later
Sun Ray Windows Connector 1.1 (for SRSS 3.1.1 / Linux) - Apply patch 124849-04 or later

References

http://www.vupen.com/english/advisories/2008/3407
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1

Credits

Vulnerability reported by the vendor.

Changelog

2008-12-11 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.