  SecPod ID: 10087                                            Status: Public Report
  Sun Ray Server and Windows Connector Unauthorized Admin     Severity: Medium
  Access Vulnerability                                        Release Date: 12-12-2008
                                                              CVSS Base Score: 4.3 (AV:L/AC:L/Au:SI/C:P/I:P/A:P) 
                                                              CVSS Temporal Score: 3.2
                                                              Impact Level: Application

  Affected Software/OS/Device:
  - Sun Ray Windows Connector 1.1 or prior
  - Sun Ray Windows Connector 2.0 or prior
  - Sun Ray Server Software 4.0
  - Sun Ray Server Software 3.1

  OpenVAS Plugin ID: 
  Snort Signature ID:
  OVAL ID: 

  Vulnerability Insight:

  Overview:
  Sun Ray Server and Windows Connector are prone to an unauthorized admin access vulnerability.

  Description:
  The flaw is due to an unspecified error while configuring the application,
  which lets an attacker gain admin privileges.

  Impact:
  Successful exploitation will let the attacker gain the administrator password
  and compromise the whole remote system.

  CVSS Score Report:
      ACCESS_VECTOR = LOCAL
      ACCESS_COMPLEXITY = LOW
      AUTHENTICATION = SINGLE_INSTANCE
      CONFIDENTIALITY_IMPACT = PARTIAL
      INTEGRITY_IMPACT = PARTIAL
      AVAILABILITY_IMPACT = PARTIAL
      EXPLOITABILITY = UNPROVEN
      REMEDIATION_LEVEL = OFFICIAL_FIX
      REPORT_CONFIDENCE = CONFIRMED
      CVSS Base Score = 4.3 (AV:L/AC:L/Au:SI/C:P/I:P/A:P) 
      CVSS Temporal Score = 3.2
      Risk factor = Medium

  Fix:
  Apply the security patches:
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-240365-1

  References: 
  http://www.vupen.com/english/advisories/2008/3407