Note: This is an archival copy of Security Sun Alert 201783 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001321.1.

Category: Security
Release Phase: Resolved
Sun Secure Global Desktop Software 4.2
Bug Id: 6467099
Date of Resolved Release: 29-SEP-2006

Impact

Two Cross Site Scripting vulnerabilities in the Sun Secure Global Desktop (SSGD) software may allow a local or remote unprivileged user to execute arbitrary script commands in another user's context, potentially allowing an unprivileged remote user to steal cookie information, hijack sessions, or cause a loss of data privacy between a client and the server.

Sun acknowledges, with thanks, Marc Ruef of scip AG for bringing this issue to our attention.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
Linux Platform

To determine the version of the Sun Secure Global Desktop Software running on a system, the following command can be executed on the Sun Secure Global Desktop server:

    $ <INSTALL_DIR>/bin/tarantella version
    Sun Secure Global Desktop Software for SPARC Solaris 2.8+ (4.20.983)
    Architecture code: spso0510
    This host: SunOS <SERVER NAME> 5.10 Generic_118822-25 sun4v sparc SUNW,Sun-Fire-T2000

Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

SPARC Platform
x86 Platform
Linux Platform

The latest build of Sun Secure Global Desktop Software can be downloaded for all of the above platforms from the following URL:

http://www.sun.com/download/products.xml?id=43321db9

Attachments

This solution has no attachment