Note: This is an archival copy of Security Sun Alert 201783 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001321.1.
Sun Secure Global Desktop Software 4.2
Date of Resolved Release
Two Cross Site Scripting vulnerabilities in the Sun Secure Global Desktop (SSGD) software may allow a local or remote unprivileged user to execute arbitrary script commands in another user's context, potentially allowing an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.
Sun acknowledges, with thanks, Marc Ruef of scip AG for bringing this issue to our attention.
This issue can occur in the following releases:
To determine the version of the Sun Secure Global Desktop Software running on a system, the following command can be executed on the Sun Secure Global Desktop server:
$ <INSTALL_DIR>/bin/tarantella version
Sun Secure Global Desktop Software for SPARC Solaris 2.8+ (4.20.983)
Architecture code: spso0510
This host: SunOS <SERVER NAME> 5.10 Generic_118822-25 sun4v sparc SUNW,Sun-Fire-T2000
There are no predictable symptoms that would indicate the described issue has occurred.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
The latest build of Sun Secure Global Desktop Software can be downloaded for all of the above platforms from the following URL: