TITLE:
Sun Ray Server Software Two Vulnerabilities

SECUNIA ADVISORY ID:
SA33108

VERIFY ADVISORY:
http://secunia.com/advisories/33108/

CRITICAL:
Moderately critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Sun Ray Server Software (SRSS) 4.x
http://secunia.com/advisories/product/18594/
Sun Ray Server Software (SRSS) 3.x
http://secunia.com/advisories/product/11259/

DESCRIPTION:
Sun has acknowledged two vulnerabilities in Sun Ray Server Software,
which can be exploited by malicious, local users or by malicious
people to disclose sensitive information.

1) An unspecified error while configuring the application can be
exploited to disclose the Sun Ray administration password and gain
access to the administrative interface.

Successful exploitation requires a local user account.

2) An unspecified error can be exploited to disclose the Sun Ray
administration password and gain access to the administrative
interface.

NOTE: Sun Ray Server Software 3.0 is not affected by this
vulnerability.

SOLUTION:
Apply patches.

-- SPARC Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127553-04 or later.

Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10):
Apply patch 120879-08 or later.

Sun Ray Server Software 3.0 (for Solaris 8 and 9):
Apply patch 118979-04 or later.

-- x86 Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127554-04 or later.

Sun Ray Server Software 3.1 (for Solaris 10):
Apply patch 120880-08 or later.

-- Linux Platform --

Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9):
Apply patch 127555-04 or later.

Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9):
Apply patch 124388-03 or later.

Sun Ray Server Software 3.1 (for JDS 2, RHEL AS 3, SLES 8):
Apply patch 120881-08 or later.

Sun Ray Server Software 3.0 (for JDS 2, RHEL AS 3, SLES 8):
Apply patch 119836-04 or later.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240365-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
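
Added example (not part of the Secunia advisory or of Sun's patches): a shell check that compares installed Solaris patch revisions against the SPARC and x86 minimums listed under SOLUTION. It assumes the usual "Patch: <id>-<rev> ..." line format of `showrev -p`; the function names and the sample input are constructed for illustration, and the Linux packages are not covered.

```shell
#!/bin/sh
# Minimum revisions copied from the advisory's Solaris (SPARC and x86) entries.
MIN_PATCHES="127553-04 120879-08 118979-04 127554-04 120880-08"

# check_srss_patches (hypothetical helper): reads `showrev -p` output on stdin.
# Prints "OK <id>-<rev>" or "OUTDATED <id>-<rev> needs <id>-<min> or later"
# for each advisory patch ID found, using the highest installed revision.
# Returns 0 = all found IDs are current, 1 = at least one is outdated,
#         2 = none of the advisory's patch IDs are installed at all.
check_srss_patches() {
    awk -v mins="$MIN_PATCHES" '
    BEGIN {
        n = split(mins, m, " ")
        for (i = 1; i <= n; i++) { split(m[i], p, "-"); need[p[1]] = p[2] + 0 }
    }
    $1 == "Patch:" {
        split($2, p, "-")
        # Several revisions of one patch may be listed; keep the highest.
        if ((p[1] in need) && (!(p[1] in have) || p[2] + 0 > have[p[1]]))
            have[p[1]] = p[2] + 0
    }
    END {
        rc = 2
        for (id in have) {
            if (have[id] >= need[id]) {
                printf "OK %s-%02d\n", id, have[id]
                if (rc == 2) rc = 0
            } else {
                printf "OUTDATED %s-%02d needs %s-%02d or later\n", id, have[id], id, need[id]
                rc = 1
            }
        }
        exit rc
    }'
}

# Constructed sample input (package names and the 999999 patch are placeholders).
sample_showrev() {
    cat <<'EOF'
Patch: 127553-02 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 127553-03 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: EXAMPLEpkg
EOF
}

# Demo on the constructed sample; on a real host: showrev -p | check_srss_patches
sample_showrev | check_srss_patches || echo "action needed (status $?)"
```

A return status of 2 means none of the listed patch IDs is present, so the host either does not run an affected SRSS release or has never been patched and needs a manual look.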