Note: This is an archival copy of Security Sun Alert 240506 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019522.1.
Article ID : 1019522.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerabilities in Sun Ray Server Software and Sun Ray Windows Connector May Compromise the Sun Ray Administration Password

Category
Security

Release Phase
Resolved

Bug Id
6616994, 6617000

Product
Sun Ray Server Software 3.0
Sun Ray Server Software 4.0
Sun Ray Connector for Windows Operating Systems 1.1
Sun Ray Connector for Windows Operating Systems 2.0

Date of Resolved Release
05-Dec-2008

Security Vulnerabilities in Sun Ray Server Software and Sun Ray Windows Connector May Compromise the Sun Ray Administration Password

1. Impact

Security vulnerabilities in Sun Ray Server Software and Sun Ray Windows Connector may allow a local unprivileged user to gain access to the Sun Ray administration password while the software products are being configured. This would in turn allow unauthorized remote access to the Sun Ray Data Store and unauthorized access to the Sun Ray Administration GUI as the built-in 'admin' user.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
  • Sun Ray Server Software 4.0 (for Solaris 10) without patch 127553-04
  • Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) without patch 120879-08
  • Sun Ray Server Software 3.0 (for Solaris 8 and 9) without patch 118979-04
  • Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127556-03
  • Sun Ray Windows Connector 1.1 (for SRSS 3.1) without patch 124847-04
x86 Platform
  • Sun Ray Server Software 4.0 (for Solaris 10) without patch 127554-04
  • Sun Ray Server Software 3.1 (for Solaris 10) without patch 120880-08
  • Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127557-03
  • Sun Ray Windows Connector 1.1 (for SRSS 3.1) without patch 124848-04
Linux Platform
  • Sun Ray Server Software 4.0  (for RHEL AS 4, SLES 9) without patch 127555-04
  • Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9) without patch 124388-03
  • Sun Ray Server Software 3.1  (for RHEL AS 3, SLES 8, JDS 2) without patch 120881-08
  • Sun Ray Server Software 3.0  (for RHEL AS 3, SLES 8, JDS 2) without patch 119836-04
  • Sun Ray Windows Connector 2.0 (for SRSS 4.0) without patch 127558-03
  • Sun Ray Windows Connector 1.1 (for SRSS 3.1.1) without patch 124849-04
Notes:

1. Sun Ray Server Software 2.0 and Sun Ray Windows Connector 1.0 will not be evaluated regarding the potential impact of the issue described in this Sun Alert.

2. This issue does not affect Sun Ray Server Software 3.0 and 3.1 on the Trusted Solaris 8 platform. Only Solaris 8, 9, and 10 and Linux platforms are affected.

3. The password is exposed only while the affected software products are being configured. In Sun Ray Server Software, the vulnerability occurs while the utconfig(1M) tool is being run or while the utinstall(1M) tool is being used to upgrade from a prior version of SRSS or from configuration data preserved using the utpreserve(1M) tool. In Sun Ray Windows Connector, the vulnerability occurs while the uttscadm(1M) tool is being run.

To determine the version of Sun Ray Server software in use, the following command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuto VERSION
4.0_48
To determine the version of Sun Ray Windows Connector in use, the following command can be run:
$ /opt/SUNWut/lib/utprodinfo -p SUNWuttsc VERSION
2.0_23

3. Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.

4. Workaround

To work around the described issue, it should be ensured that no other users have access to the server while Sun Ray Server Software and Sun Ray Windows Connector are being configured.

If utconfig(1M), uttscadm(1M) or utinstall(1M) have been run while untrusted users may have had access to the server, the utpw(1M) tool or the Sun Ray web administration GUI should be used to change the Sun Ray administration password that may have been compromised. If this password has also been used for other purposes, passwords in affected software should be changed as well.

Note: If this server is part of a failover configuration, utpw(1M) should also be run on the remaining servers.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform
  • Sun Ray Server Software 4.0 (for Solaris 10) with patch 127553-04 or later
  • Sun Ray Server Software 3.1 (for Solaris 8, 9, and 10) with patch 120879-08 or later
  • Sun Ray Server Software 3.0 (for Solaris 8 and 9) with patch 118979-04 or later
  • Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127556-03 or later
  • Sun Ray Windows Connector 1.1 (for SRSS 3.1) with patch 124847-04 or later
x86 Platform
  • Sun Ray Server Software 4.0 (for Solaris 10) with patch 127554-04 or later
  • Sun Ray Server Software 3.1 (for Solaris 10) with patch 120880-08 or later
  • Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127557-03 or later
  • Sun Ray Windows Connector 1.1 (for SRSS 3.1) with patch 124848-04 or later
Linux Platform
  • Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) with patch 127555-04 or later
  • Sun Ray Server Software 3.1.1 (for RHEL AS 4, SLES 9) with patch 124388-03 or later
  • Sun Ray Server Software 3.1 (for JDS 2, RHEL AS 3, SLES 8) with patch 120881-08 or later
  • Sun Ray Server Software 3.0 (for JDS 2, RHEL AS 3, SLES 8) with patch 119836-04 or later
  • Sun Ray Windows Connector 2.0 (for SRSS 4.0) with patch 127558-03 or later
  • Sun Ray Windows Connector 1.1 (for SRSS 3.1.1) with patch 124849-04 or later

Note: After installation of the above listed patches to resolve this issue, use the utpw(1M) command or the Sun Ray web administration GUI to change the Sun Ray administration password on all servers in the replication group. If the Sun Ray administration password has also been used for other purposes, passwords in affected software should be changed as well.

For more information on Security Sun Alerts, see 1009886.1.


This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


References

124388-03
127553-04
127554-04
127555-04
127556-03
127557-03
127558-03
118979-04
119836-04
120879-08
120880-08
124847-04
124848-04
124849-04
120881-08





Attachments
This solution has no attachment