---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: Sun Ray Server Software Password Disclosure SECUNIA ADVISORY ID: SA23900 VERIFY ADVISORY: http://secunia.com/advisories/23900/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system SOFTWARE: Sun Ray Server Software (SRSS) 3.x http://secunia.com/product/11259/ Sun Ray Server Software (SRSS) 2.x http://secunia.com/product/3475/ DESCRIPTION: Sun has acknowledged a security issue in Sun Ray Server Software, which can be exploited by malicious, local users to gain sensitive information. The security issue is caused due to an unspecified error and can be exploited to disclose the administrator's password if an administrator logs into the Sun Ray Administration Tool or if the attacker has read access to the logfiles of Sun Ray Server Software's private webserver or similar. The security issue is reported in Sun Ray Server Software 2.0 and 3.0. Other versions may also be affected. SOLUTION: Apply patches. -- SPARC Platform -- Sun Ray Server Software 2.0 for Solaris 8 and 9: Apply patch 114880-10. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114880-10-1 Sun Ray Server Software 3.0 for Solaris 8, 9, and 10: Apply patch 118979-02. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118979-02-1 -- Linux Platform -- Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0): Apply patch 119836-02. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-119836-02-1 ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------