Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5423

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5423
Last Modified 07 Mar 2011 10:14:34
Published 11 Dec 2008 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5423

Summary

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Vulnerable Systems

Application

  • Sun Ray Server Software 3.0

  • Sun Ray Server Software 3.1

  • Sun Ray Server Software 3.1.1

  • Sun Ray Server Software 4.0

  • Sun Ray Windows Connector 1.1

  • Sun Ray Windows Connector 2.0


References

SUNALERT - 240506

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1

XF - rayserver-raywinconnector-security-bypass(47258)

VUPEN - ADV-2008-3407

VUPEN - ADV-2008-3406

BID - 32772

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm

SECTRACK - 1021379

SECUNIA - 33119

SECUNIA - 33108


Last Updated: 27 May 2016 10:48:48