TITLE:
Sun Ray Server Software Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA35872

VERIFY ADVISORY:
http://secunia.com/advisories/35872/

DESCRIPTION:
Some vulnerabilities have been reported in Sun Ray Server Software, which can be exploited by malicious, local users to cause a DoS (Denial of Service), gain escalated privileges, or bypass certain security restrictions.

1) An unspecified error in the utaudiod daemon audio service can be exploited to cause a DoS for the audio service and potentially execute arbitrary code with privileges of the utaudiod service.

2) An information leak in the utaudiod daemon can be exploited to gain unauthorised access to the Sun Ray session of other users.

Successful exploitation requires that Trusted Extensions are enabled.

Vulnerabilities #1 and #2 are reported in Sun Ray Server Software 4.0 for Solaris 10 for both the SPARC and x86 platforms.

3) An unspecified error in the "utdmsession" command can be exploited to gain unauthorised access to the Sun Ray session of other users.

Vulnerability #3 is reported in Sun Ray Server Software 4.0 for Solaris 10 for both the SPARC and x86 platforms, and Sun Ray Server Software 4.0 for RHEL AS 4 and SLES 9.

SOLUTION:
Apply patches.

-- SPARC Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127553-06 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127553-06-1

-- x86 Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127554-06 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127554-06-1

-- Linux Platform --

Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9):
Apply patch 127555-06 or later.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127555-06-1

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253889-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-252226-1
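
ADDED EXAMPLE (not part of the Secunia or Sun advisory):
One way to check a Solaris 10 Sun Ray server against the patch levels in the SOLUTION section is to parse the "Patch:" lines printed by showrev -p and compare the highest installed revision with the required one. The function name patch_status and the sample input are assumptions made for this example, the script needs a POSIX shell (ksh or /usr/xpg4/bin/sh on Solaris 10), and the Linux patch 127555-06 is not covered because showrev is a Solaris tool.

```shell
#!/bin/sh
# Added example, not vendor code. patch_status is a hypothetical helper name.
# Usage: showrev -p | patch_status BASE MINREV
# Reads "Patch: BASE-REV ..." lines on stdin and prints one of:
#   "patched REV"     highest installed revision is MINREV or later
#   "vulnerable REV"  patch present, but older than MINREV
#   "missing"         no revision of BASE is installed
patch_status() {
    ps_base=$1
    ps_min=$2
    ps_best=-1
    while read -r ps_tag ps_id ps_rest; do
        # Only "Patch: NNNNNN-RR" lines for the requested base id matter.
        if [ "$ps_tag" != "Patch:" ] || [ "${ps_id%-*}" != "$ps_base" ]; then
            continue
        fi
        ps_rev=${ps_id##*-}
        # Ignore anything whose revision is not purely numeric.
        case $ps_rev in ''|*[!0-9]*) continue ;; esac
        if [ "$ps_rev" -gt "$ps_best" ]; then
            ps_best=$ps_rev
        fi
    done
    if [ "$ps_best" = "-1" ]; then
        echo "missing"
    elif [ "$ps_best" -ge "$ps_min" ]; then
        echo "patched $ps_best"
    else
        echo "vulnerable $ps_best"
    fi
}

# Constructed sample in showrev -p layout (package names are placeholders).
SAMPLE_SHOWREV='Patch: 127553-05 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-EXAMPLE-A
Patch: 127553-07 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-EXAMPLE-A
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKG-EXAMPLE-B'

# Patch ids and minimum revisions below are the ones listed in the advisory.
echo "SPARC 127553: $(printf '%s\n' "$SAMPLE_SHOWREV" | patch_status 127553 06)"
echo "x86   127554: $(printf '%s\n' "$SAMPLE_SHOWREV" | patch_status 127554 06)"
```

On a live server, replace the constructed sample with the real output, for example: showrev -p | patch_status 127553 06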