Note: This is an archival copy of Security Sun Alert 274590 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021732.1.
Article ID : 1021732.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-05-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

This Alert Covers CVE-2010-0888 for the Device Services Component of the Sun Ray Server Software Product

Category
Security

Release Phase
Resolved

Bug Id
6902328

Product
Sun Ray Server Software 4.0
Sun Ray Server Software 4.1
Sun Ray Server Software 4.2

Date of Resolved Release
12-Apr-2010

.

1. Impact

This Alert covers CVE-2010-0888 for the Device Services component of the Sun Ray Server Software product.

CVE-2010-0888 can be found at http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0888

Please see http://www.oracle.com/technology/deploy/security/alerts.htm for more information about Critical Patch Updates and Security Alerts. This publication relates to the CPU for April 2010.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform
  • Sun Ray Server Software 4.2 (for Solaris 10) without patch 140993-01
  • Sun Ray Server Software 4.1 (for Solaris 10) without patch 139548-04
  • Sun Ray Server Software 4.0 (for Solaris 10) without patch 127553-08
x86 Platform
  • Sun Ray Server Software 4.2 (for Solaris 10) without patch 140994-01
  • Sun Ray Server Software 4.1 (for Solaris 10) without patch 139549-04
  • Sun Ray Server Software 4.0 (for Solaris 10) without patch 127554-08
Linux
  • Sun Ray Server Software 4.2 (for Solaris 10) without patch 140995-01
  • Sun Ray Server Software 4.1 (for Solaris 10) without patch 139550-04
  • Sun Ray Server Software 4.0 (for Solaris 10) without patch 127555-08
Notes:

1. Previous versions of Sun Ray Server Software are not affected by this issue.

2. To determine the version of the Sun Ray Server Software on a Solaris system, the following command can be run:
$ /usr/bin/pkgparam SUNWuto VERSION
4.2_77,REV=2009.10.19.17.01   
3. To determine the version of the Sun Ray Server Software on a Linux system, the following command can be run:
$ /bin/rpm -q SUNWuto
SUNWuto-4.2-77
4. This issue only affects servers which have the Device Services enabled. To determine if Device Services is enabled on a server, the following can be used:
$ /opt/SUNWut/sbin/utdevadm
Sun Ray Device Service     Status
------------------------------------------
internal_serial            enabled     
internal_smartcard_reader  enabled     
usb                        enabled
3. Symptoms


4. Workaround


5. Resolution

This issue is addressed in the following releases:

SPARC Platform
  • Sun Ray Server Software 4.2 (for Solaris 10) with patch 140993-01 or later
  • Sun Ray Server Software 4.1 (for Solaris 10) with patch 139548-04 or later
  • Sun Ray Server Software 4.0 (for Solaris 10) with patch 127553-08 or later
x86 Platform
  • Sun Ray Server Software 4.2 (for Solaris 10) with patch 140994-01 or later
  • Sun Ray Server Software 4.1 (for Solaris 10) with patch 139549-04 or later
  • Sun Ray Server Software 4.0 (for Solaris 10) with patch 127554-08 or later
Linux
  • Sun Ray Server Software 4.2 (for Solaris 10) with patch 140995-01 or later
  • Sun Ray Server Software 4.1 (for Solaris 10) with patch 139550-04 or later
  • Sun Ray Server Software 4.0 (for Solaris 10) with patch 127555-08 or later


References

139548-04
139549-04
139550-04
127553-08
127554-08
127555-08
140993-01
140994-01
140995-01





Attachments
This solution has no attachment