Document Audience: PUBLIC
Document ID: 240506
Title: Security Vulnerabilities in Sun Ray Server Software and Sun Ray
Windows Connector May Compromise the Sun Ray Administration Password
Copyright Notice: Copyright © 2008 Sun Microsystems, Inc. All Rights
Reserved
Update Date: Fri Dec 05 00:00:00 MST 2008
Solution Type: Sun Alert
Solution 240506 : Security Vulnerabilities in Sun Ray Server
Software and Sun Ray Windows Connector May Compromise the Sun Ray
Administration Password
Related Categories
Home>Content>Sun Alert Criteria Categories>Security
Home>Content>Sun Alert Release Phase>Resolved
Bug ID
6616994, 6617000
Product
Sun Ray Server Software 3.x
Sun Ray Server Software 4.0
Sun Ray Windows Connector 1.1
Sun Ray Windows Connector 2.0
Date of Resolved Release
05-Dec-2008
SA Document Body
Security Vulnerabilities in Sun Ray Server Software and Sun Ray
Windows Connector May Compromise the Sun Ray Administration Password
1. Impact
Security vulnerabilities in Sun Ray Server Software and Sun Ray
Windows Connector may allow a local unprivileged user to gain access
to the Sun Ray administration password while the software products are
being configured. This would in turn allow unauthorized remote access
to the Sun Ray Data Store and unauthorized access to the Sun Ray
Administration GUI as the built-in 'admin' user.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
Sun Ray Server Software 4.0 (for Solaris 10) without patch 127553-04
Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) without patch
120879-08
Sun Ray Server Software 3.0 (for Solaris 8 and 9) without patch
118979-04
Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127556-03
Sun Ray Windows Connector 1.1 (for SRSS 3.1) without patch 124847-04
x86 Platform
Sun Ray Server Software 4.0 (for Solaris 10) without patch 127554-04
Sun Ray Server Software 3.1 (for Solaris 10) without patch 120880-08
Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127557-03
Sun Ray Windows Connector 1.1 (for SRSS 3.1) without patch 124848-04
Linux Platform
Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) without patch
127555-04
Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9) without patch
124388-03
Sun Ray Server Software 3.1 (for RHEL AS 3, SLES 8, JDS 2) without
patch 120881-08
Sun Ray Server Software 3.0 (for RHEL AS 3, SLES 8, JDS 2) without
patch 119836-04
Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127558-03
Sun Ray Windows Connector 1.1 (for SRSS 3.1.1) without patch 124849-04
Notes:
1. Sun Ray Server Software 2.0 and Sun Ray Windows Connector 1.0 will
not be evaluated regarding the potential impact of the issue described
in this Sun Alert.
2. This issue does not affect Sun Ray Server Software 3.0 and 3.1 on
the Trusted Solaris 8 platform. Only Solaris 8, 9, and 10 and Linux
platforms are affected.
3. The password is exposed only while the affected software products
are being configured. In Sun Ray Server Software, the vulnerability
occurs while the utconfig(1M) tool is being run or while the
utinstall(1M) tool is being used to upgrade from a prior version of
SRSS or from configuration data preserved using the utpreserve(1M)
tool. In Sun Ray Windows Connector, the vulnerability occurs while the
uttscadm(1M) tool is being run.
To determine the version of Sun Ray Server software in use, the
following command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuto VERSION
4.0_48
To determine the version of Sun Ray Windows Connector in use, the
following command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuttsc VERSION
2.0_23
3. Symptoms
There are no predictable symptoms that would indicate the described
issue has been exploited.
4. Workaround
To work around the described issue, it should be ensured that no other
users have access to the server while Sun Ray Server Software and Sun
Ray Windows Connector are being configured.
If utconfig(1M), uttscadm(1M) or utinstall(1M) have been run while
untrusted users may have had access to the server, the utpw(1M) tool
or the Sun Ray web administration GUI should be used to change the Sun
Ray administration password that may have been compromised. If this
password has also been used for other purposes, passwords in affected
software should be changed as well.
Note: If this server is part of a failover configuration, utpw(1M)
should also be run on the remaining servers.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
Sun Ray Server Software 4.0 (for Solaris 10) with patch 127553-04 or
later
Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) with patch
120879-08 or later
Sun Ray Server Software 3.0 (for Solaris 8 and 9) with patch
118979-04 or later
Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127556-03 or
later
Sun Ray Windows Connector 1.1 (for SRSS 3.1) with patch 124847-04 or
later
x86 Platform
Sun Ray Server Software 4.0 (for Solaris 10) with patch 127554-04 or
later
Sun Ray Server Software 3.1 (for Solaris 10) with patch 120880-08 or
later
Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127557-03 or
later
Sun Ray Windows Connector 1.1 (for SRSS 3.1) with patch 124848-04 or
later
Linux Platform
Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) with patch
127555-04 or later
Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9) with patch
124388-03 or later
Sun Ray Server Software 3.1 (for JDS 2, RHEL AS 3, SLES 8) with patch
120881-08 or later
Sun Ray Server Software 3.0 (for JDS 2, RHEL AS 3, SLES 8) with patch
119836-04 or later
Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127558-03 or
later
Sun Ray Windows Connector 1.1 (for SRSS 3.1.1) with patch 124849-04
or later
Note: After installation of the above listed patches to resolve this
issue, use the utpw(1M) command or the Sun Ray web administration GUI
to change the Sun Ray administration password on all servers in the
replication group. If the Sun Ray administration password has also
been used for other purposes, passwords in affected software should be
changed as well.
For more information on Security Sun Alerts, see Technical Instruction
ID 213557.
This Sun Alert notification is being provided to you on an "AS IS"
basis. This Sun Alert notification may contain information provided by
third parties. The issues described in this Sun Alert notification may
or may not impact your system(s). Sun makes no representations,
warranties, or guarantees as to the information contained herein. ANY
AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
This Sun Alert notification contains Sun proprietary and confidential
information. It is being provided to you pursuant to the provisions of
your agreement to purchase services from Sun, or, if you do not have
such an agreement, the Sun.com Terms of Use. This Sun Alert
notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
Attachments
This solution has no attachment
original link:
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-240506-1
greetings,
Stoyan Angelov
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
