Note: This is an archival copy of Security Sun Alert 240506 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019522.1.
Sun Ray Server Software 3.0
Sun Ray Server Software 4.0
Sun Ray Connector for Windows Operating Systems 1.1
Sun Ray Connector for Windows Operating Systems 2.0
Date of Resolved Release
Security Vulnerabilities in Sun Ray Server Software and Sun Ray Windows Connector May Compromise the Sun Ray Administration Password
Security vulnerabilities in Sun Ray Server Software and Sun Ray Windows Connector may allow a local unprivileged user to gain access to the Sun Ray administration password while the software products are being configured. This would in turn allow unauthorized remote access to the Sun Ray Data Store and unauthorized access to the Sun Ray Administration GUI as the built-in 'admin' user.
2. Contributing Factors
This issue can occur in the following releases:
1. Sun Ray Server Software 2.0 and Sun Ray Windows Connector 1.0 will not be evaluated regarding the potential impact of the issue described in this Sun Alert.
2. This issue does not affect Sun Ray Server Software 3.0 and 3.1 on the Trusted Solaris 8 platform. Only Solaris 8, 9, and 10 and Linux platforms are affected.
3. The password is exposed only while the affected software products are being configured. In Sun Ray Server Software, the vulnerability occurs while the utconfig(1M) tool is being run or while the utinstall(1M) tool is being used to upgrade from a prior version of SRSS or from configuration data preserved using the utpreserve(1M) tool. In Sun Ray Windows Connector, the vulnerability occurs while the uttscadm(1M) tool is being run.
To determine the version of Sun Ray Server software in use, the following command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuto VERSIONTo determine the version of Sun Ray Windows Connector in use, the following command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuttsc VERSION3. Symptoms
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue, it should be ensured that no other users have access to the server while Sun Ray Server Software and Sun Ray Windows Connector are being configured.
If utconfig(1M), uttscadm(1M) or utinstall(1M) have been run while untrusted users may have had access to the server, the utpw(1M) tool or the Sun Ray web administration GUI should be used to change the Sun Ray administration password that may have been compromised. If this password has also been used for other purposes, passwords in affected software should be changed as well.
Note: If this server is part of a failover configuration, utpw(1M) should also be run on the remaining servers.
This issue is addressed in the following releases:
Note: After installation of the above listed patches to resolve this issue, use the utpw(1M) command or the Sun Ray web administration GUI to change the Sun Ray administration password on all servers in the replication group. If the Sun Ray administration password has also been used for other purposes, passwords in affected software should be changed as well.
For more information
on Security Sun Alerts, see 1009886.1.
This solution has no attachment