Sun Ray Server Code Execution and Weak Encryption Vulnerabilities
Two vulnerabilities have been identified in Sun Ray Server Software, which could be exploited by remote attackers to bypass security restrictions, cause a denial of service or compromise a vulnerable system.
The first issue is caused by an unspecified error in the Authentication Manager, which could allow remote attackers to crash an affected service or execute arbitrary code with root privileges.
The second vulnerability is caused by an error in encryption key generation, which could allow an attacker who is able to intercept network traffic to predict the private key and decrypt the mouse, keyboard, and display traffic between the Sun Ray DTU and the Sun Ray Server.
Sun Ray Server Software version 4.0
Sun Ray Server Software version 4.1
Sun Ray Server Software 4.0 (for Solaris 10 / SPARC) - Apply patch 127553-07 or later
Sun Ray Server Software 4.1 (for Solaris 10 / SPARC) - Apply patch 139548-03 or later
Sun Ray Server Software 4.0 (for Solaris 10 / x86) - Apply patch 127554-07 or later
Sun Ray Server Software 4.1 (for Solaris 10 / x86) - Apply patch 139549-03 or later
Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9 / Linux) - Apply patch 127555-07 or later
Sun Ray Server Software 4.1 (for RHEL 5, SLES 10 / Linux) - Apply patch 139550-03 or later
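The following is an added example, not part of the original advisory or of Sun's tooling: a shell function that reads `showrev -p` output on a Solaris 10 host and checks it against one of the minimum patch revisions listed above, treating "or later" as a numeric comparison on the revision suffix. The sample listing and the package name `EXAMPLEpkg` are constructed, and the names `patch_status` and `AWK` are hypothetical.

```shell
#!/bin/sh
# Added example: verify a Sun Ray Server patch level from `showrev -p` output.
# Solaris 10 note: the legacy /usr/bin/awk lacks -v; set AWK=nawk there.
AWK=${AWK:-awk}

# Constructed sample of `showrev -p` lines (package name is a placeholder).
SAMPLE_LISTING='Patch: 118833-36 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 127553-05 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 127553-08 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg'

# patch_status REQUIRED  (patch listing on stdin)
# REQUIRED is a minimum from the advisory, e.g. 127553-07.
# Prints one of:
#   ok <patch>        highest installed revision meets the minimum
#   outdated <patch>  patch is installed but below the minimum
#   missing           no revision of that patch is installed
patch_status() {
    [ $# -eq 1 ] || { echo "usage: patch_status BASE-REV" >&2; return 2; }
    "$AWK" -v req="$1" '
        BEGIN { split(req, r, "-"); base = r[1]; min = r[2] + 0; best = -1 }
        $1 == "Patch:" {
            split($2, p, "-")
            # "+ 0" forces a decimal number, so 08 or 10 is compared
            # numerically rather than as a string or an octal literal.
            if (p[1] == base && p[2] + 0 > best) best = p[2] + 0
        }
        END {
            if (best < 0)         print "missing"
            else if (best >= min) printf "ok %s-%02d\n", base, best
            else                  printf "outdated %s-%02d\n", base, best
        }'
}

# Demonstration on the constructed listing; on a real host run:
#   showrev -p | patch_status 127553-07
printf '%s\n' "$SAMPLE_LISTING" | patch_status 127553-07
```

Pick the patch ID that matches the installed Sun Ray Server Software version and platform; a `missing` result for the other version's patch is expected.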
http://www.vupen.com/english/advisories/2009/3477
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
Vulnerabilities reported by the vendor.
2009-12-10 : Initial release