---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Sun Ray Device Manager Daemon Data Manipulation and DoS SECUNIA ADVISORY ID: SA28148 VERIFY ADVISORY: http://secunia.com/advisories/28148/ CRITICAL: Less critical IMPACT: Manipulation of data, DoS WHERE: >From local network SOFTWARE: Sun Ray Server Software (SRSS) 2.x http://secunia.com/product/3475/ Sun Ray Server Software (SRSS) 3.x http://secunia.com/product/11259/ DESCRIPTION: Some vulnerabilities have been reported in Sun Ray Server Software, which can be exploited by malicious, local users or malicious people to manipulate certain data or cause a DoS (Denial of Service). The vulnerabilities are caused due to unspecified errors in the Sun Ray Device Manager daemon (utdevmgrd(1M)) and can be exploited to create or delete arbitrary directories on the server, or cause the Device Manager daemon to crash. The vulnerabilities affect versions 2.0, 3.0, 3.1, and 3.1.1. SOLUTION: Apply patches or disable the Sun Ray Device Manager daemon (see vendor's advisory for more information). -- SPARC Platform -- Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10): Apply patch 120879-07 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120879-07-1 -- x86 Platform -- Sun Ray Server Software 3.1 (for Solaris 10): Apply patch 120880-07 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120880-07-1 -- Linux Platform -- Sun Ray Server Software 3.1: Apply patch 120881-07 or later http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120881-07-1 Sun Ray Server Software 3.1.1: Apply patch 124388-02 or later. http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-124388-02-1 PROVIDED AND/OR DISCOVERED BY: The vendor credits Danny Quist and Anthony Clark, Los Alamos National Labs. ORIGINAL ADVISORY: Sun Alert ID 103175: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------