Sun Ray Kiosk Mode Lets Local Users and Remote Authenticated Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1019993 |
|
SecurityTracker URL: http://securitytracker.com/id/1019993
|
|
CVE Reference:
CVE-2008-2112
(Links to External Site)
|
Updated: May 13 2008
|
Original Entry Date: May 8 2008
|
Impact:
Root access via local system, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.0
|
Description:
A vulnerability was reported in Sun Ray Kiosk Mode. A remote authenticated or local user can obtain root privileges on the target system.
A remote authenticated user or local user with Sun Ray administration privileges can execute arbitrary commands with root privileges.
The vulnerability occurs in the parsing of session arguments.
|
Impact:
A remote authenticated or local user with Sun Ray administrative privileges can obtain root privileges on the target system.
|
Solution:
The vendor has issued a fix.
SPARC Platform
* Sun Ray Server Software 4.0 (for Solaris 10) with patch 128165-01 or later
x86 Platform
* Sun Ray Server Software 4.0 (for Solaris 10) with patch 128166-01 or later
Linux
* Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) with patch 128167-01 or later
The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 7 May 2008 23:33:48 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1
|
|
|
