Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.1106 -- [Linux][Solaris]
Security Vulnerabilities in Sun Ray Server Software and Sun Ray Windows
Connector May Compromise the Sun Ray Administration Password
9 December 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Sun Ray Server Software 3.x
Sun Ray Server Software 4.0
Sun Ray Windows Connector 1.1
Sun Ray Windows Connector 2.0
Publisher: Sun Microsystems
Operating System: Solaris
Linux variants
Impact: Inappropriate Access
Access: Remote/Unauthenticated
Original Bulletin:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1
- --------------------------BEGIN INCLUDED TEXT--------------------
Solution Type Sun Alert
Solution 240506 : Security Vulnerabilities in Sun Ray Server Software
and Sun Ray Windows Connector May Compromise the Sun Ray Administration
Password
Bug ID
6616994, 6617000
Product
Sun Ray Server Software 3.x
Sun Ray Server Software 4.0
Sun Ray Windows Connector 1.1
Sun Ray Windows Connector 2.0
Date of Resolved Release
05-Dec-2008
SA Document Body
Security Vulnerabilities in Sun Ray Server Software and Sun Ray Windows
Connector May Compromise the Sun Ray Administration Password
1. Impact
Security vulnerabilities in Sun Ray Server Software and Sun Ray Windows
Connector may allow a local unprivileged user to gain access to the Sun Ray
administration password while the software products are being configured. This
would in turn allow unauthorized remote access to the Sun Ray Data Store and
unauthorized access to the Sun Ray Administration GUI as the built-in 'admin'
user.
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Sun Ray Server Software 4.0 (for Solaris 10) without patch 127553-04
* Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) without patch 120879-08
* Sun Ray Server Software 3.0 (for Solaris 8 and 9) without patch 118979-04
* Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127556-03
* Sun Ray Windows Connector 1.1 (for SRSS 3.1) without patch 124847-04
x86 Platform
* Sun Ray Server Software 4.0 (for Solaris 10) without patch 127554-04
* Sun Ray Server Software 3.1 (for Solaris 10) without patch 120880-08
* Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127557-03
* Sun Ray Windows Connector 1.1 (for SRSS 3.1) without patch 124848-04
Linux Platform
* Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) without patch 127555-04
* Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9) without patch 124388-03
* Sun Ray Server Software 3.1 (for RHEL AS 3, SLES 8, JDS 2) without patch 120881-08
* Sun Ray Server Software 3.0 (for RHEL AS 3, SLES 8, JDS 2) without patch 119836-04
* Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127558-03
* Sun Ray Windows Connector 1.1 (for SRSS 3.1.1) without patch 124849-04
Notes:
1. Sun Ray Server Software 2.0 and Sun Ray Windows Connector 1.0 will not be
evaluated regarding the potential impact of the issue described in this Sun
Alert.
2. This issue does not affect Sun Ray Server Software 3.0 and 3.1 on the
Trusted Solaris 8 platform. Only Solaris 8, 9, and 10 and Linux platforms are
affected.
3. The password is exposed only while the affected software products are being
configured. In Sun Ray Server Software, the vulnerability occurs while the
utconfig(1M) tool is being run or while the utinstall(1M) tool is being used
to upgrade from a prior version of SRSS or from configuration data preserved
using the utpreserve(1M) tool. In Sun Ray Windows Connector, the vulnerability
occurs while the uttscadm(1M) tool is being run.
To determine the version of Sun Ray Server software in use, the following
command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuto VERSION
4.0_48
To determine the version of Sun Ray Windows Connector in use, the following
command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuttsc VERSION
2.0_23
3. Symptoms
There are no predictable symptoms that would indicate the described issue has
been exploited.
4. Workaround
To work around the described issue, it should be ensured that no other users
have access to the server while Sun Ray Server Software and Sun Ray Windows
Connector are being configured.
If utconfig(1M), uttscadm(1M) or utinstall(1M) have been run while untrusted
users may have had access to the server, the utpw(1M) tool or the Sun Ray web
administration GUI should be used to change the Sun Ray administration
password that may have been compromised. If this password has also been used
for other purposes, passwords in affected software should be changed as well.
Note: If this server is part of a failover configuration, utpw(1M) should also
be run on the remaining servers.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Sun Ray Server Software 4.0 (for Solaris 10) with patch 127553-04 or later
* Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) with patch 120879-08 or later
* Sun Ray Server Software 3.0 (for Solaris 8 and 9) with patch 118979-04 or later
* Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127556-03 or later
* Sun Ray Windows Connector 1.1 (for SRSS 3.1) with patch 124847-04 or later
x86 Platform
* Sun Ray Server Software 4.0 (for Solaris 10) with patch 127554-04 or later
* Sun Ray Server Software 3.1 (for Solaris 10) with patch 120880-08 or later
* Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127557-03 or later
* Sun Ray Windows Connector 1.1 (for SRSS 3.1) with patch 124848-04 or later
Linux Platform
* Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) with patch 127555-04 or later
* Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9) with patch 124388-03 or later
* Sun Ray Server Software 3.1 (for JDS 2, RHEL AS 3, SLES 8) with patch 120881-08 or later
* Sun Ray Server Software 3.0 (for JDS 2, RHEL AS 3, SLES 8) with patch 119836-04 or later
* Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127558-03 or later
* Sun Ray Windows Connector 1.1 (for SRSS 3.1.1) with patch 124849-04 or later
Note: After installation of the above listed patches to resolve this issue,
use the utpw(1M) command or the Sun Ray web administration GUI to change the
Sun Ray administration password on all servers in the replication group. If
the Sun Ray administration password has also been used for other purposes,
passwords in affected software should be changed as well.
For more information on Security Sun Alerts, see Technical Instruction ID
213557.
This Sun Alert notification is being provided to you on an "AS IS" basis.
This Sun Alert notification may contain information provided by third parties.
The issues described in this Sun Alert notification may or may not impact your
system(s). Sun makes no representations, warranties, or guarantees as to the
information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING
THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun
Alert notification contains Sun proprietary and confidential information. It
is being provided to you pursuant to the provisions of your agreement to
purchase services from Sun, or, if you do not have such an agreement, the
Sun.com Terms of Use. This Sun Alert notification may only be used for the
purposes contemplated by these agreements.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
CA 95054 U.S.A. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBST3vJSh9+71yA2DNAQIaSQP/eJUw8w0TkyXxXF5cFbE7tUxB8NNlO36e
8ULghEgMYFEJ3RmFMxTZWQtGYDtZSi9R+3F2QQuZIzwG5sPF24YQBBOH1dfbQiEF
tdrJFxkTlYueemyA648ZcvR+Q8BNLZWHhYeEp0tkSo+dpLZ86METB8WSKi9kJXEg
W5UC8tMQNVw=
=fQ1n
-----END PGP SIGNATURE-----