----------------------------------------------------------------------

TITLE:
Sun Ray Server Software Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37627

VERIFY ADVISORY:
http://secunia.com/advisories/37627/

DESCRIPTION:
A weakness and a vulnerability have been reported in Sun Ray Server
Software, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

1) An unspecified error in the Authentication Manager can be exploited
to cause a crash and potentially execute arbitrary code with
privileges of the root user.

2) The weakness is caused by an unspecified error in the Sun Ray
firmware, which generates weak encryption keys. This can be exploited
to predict the private key for mouse, keyboard, and display traffic
between the Sun Ray DTU and the Sun Ray Server.

Successful exploitation requires an attacker to intercept network
traffic.

NOTE: The weakness does not affect Sun Ray 1 DTU, Sun Ray 1g DTU, Sun
Ray 100 DTU, and Sun Ray 150 DTU.

The weakness and the vulnerability are reported in versions 4.0 and
4.1.

SOLUTION:
Apply patches.

-- SPARC Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127553-07
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127553-07-1

Sun Ray Server Software 4.1 (for Solaris 10):
Apply patch 139548-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-139548-03-1

-- x86 Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127554-07
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127554-07-1

Sun Ray Server Software 4.1 (for Solaris 10):
Apply patch 139549-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-139549-03-1

-- Linux Platform --

Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9):
Apply patch 127555-07
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127555-07-1

Sun Ray Server Software 4.1 (for RHEL 5, SLES 10):
Apply patch 139550-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-139550-03-1

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
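One way to check a Solaris Sun Ray server against the patch levels in the SOLUTION section, as an added example that is not part of the advisory or of any vendor tooling. It assumes a POSIX shell (on Solaris 10, /usr/xpg4/bin/sh or ksh rather than the legacy /bin/sh) and the `Patch: <id>-<rev> ...` line format of `showrev -p`; the function names and the sample input are constructed for illustration, and the Linux patches are left out because `showrev` is a Solaris tool.

```shell
#!/bin/sh
# Added example (not from the advisory): compare `showrev -p` output on a
# Solaris Sun Ray server against the patch levels listed in SA37627.

# Patch required per platform and SRSS version, as listed in the advisory.
required_patch() {
    case "$1/$2" in
        sparc/4.0) echo 127553-07 ;;
        sparc/4.1) echo 139548-03 ;;
        x86/4.0)   echo 127554-07 ;;
        x86/4.1)   echo 139549-03 ;;
        *) return 1 ;;
    esac
}

# Usage: showrev -p | srss_patch_status <sparc|x86> <4.0|4.1>
# Returns 0 when the required revision or a later one is installed,
# 1 when it is missing or older, 2 for an unknown platform/version.
srss_patch_status() {
    req=$(required_patch "$1" "$2") || { echo "UNKNOWN $1 $2"; return 2; }
    base=${req%-*}
    need=${req#*-}; need=${need#0}      # drop zero padding before comparing
    have=""
    while read -r tag id _rest; do
        [ "$tag" = "Patch:" ] || continue
        [ "${id%-*}" = "$base" ] || continue
        rev=${id#*-}; rev=${rev#0}
        # Keep the highest installed revision of this patch ID.
        if [ -z "$have" ] || [ "$rev" -gt "$have" ]; then have=$rev; fi
    done
    if [ -z "$have" ]; then echo "MISSING $req"; return 1; fi
    if [ "$have" -ge "$need" ]; then printf 'OK %s-%02d\n' "$base" "$have"; return 0; fi
    printf 'OUTDATED %s-%02d need %s\n' "$base" "$have" "$req"; return 1
}

# Constructed sample of `showrev -p` output (package names are placeholders).
sample_showrev() {
    cat <<'EOF'
Patch: 127553-05 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample1
Patch: 139548-03 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample2
Patch: 118833-36 Obsoletes:  Requires:  Incompatibles:  Packages: PKGexample3
EOF
}

# Demo: the 4.0 patch is two revisions behind, the 4.1 patch is at the fixed level.
sample_showrev | srss_patch_status sparc 4.0 || true
sample_showrev | srss_patch_status sparc 4.1
```
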