Secunia Advisory: SA28148  
Release Date: 2007-12-19

Critical: Less critical
Impact: Manipulation of data, DoS
Where: From local network
Solution Status: Vendor Patch

Software: Sun Ray Server Software (SRSS) 2.x, Sun Ray Server Software (SRSS) 3.x

Description:
Some vulnerabilities have been reported in Sun Ray Server Software, which can be exploited by malicious local users or malicious people to manipulate certain data or cause a DoS (Denial of Service).

The vulnerabilities are caused by unspecified errors in the Sun Ray Device Manager daemon (utdevmgrd(1M)) and can be exploited to create or delete arbitrary directories on the server, or to cause the Device Manager daemon to crash.

The vulnerabilities affect versions 2.0, 3.0, 3.1, and 3.1.1.

Solution:
Apply patches or disable the Sun Ray Device Manager daemon (see vendor's advisory for more information).

-- SPARC Platform --
Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10):
Apply patch 120879-07 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120879-07-1

-- x86 Platform --
Sun Ray Server Software 3.1 (for Solaris 10):
Apply patch 120880-07 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120880-07-1

-- Linux Platform --
Sun Ray Server Software 3.1:
Apply patch 120881-07 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-120881-07-1

Sun Ray Server Software 3.1.1:
Apply patch 124388-02 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-124388-02-1

Provided and/or discovered by:
The vendor credits Danny Quist and Anthony Clark, Los Alamos National Labs.

Original Advisory:
Sun Alert ID 103175:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103175-1

Source: http://secunia.com/advisories/28148/