The Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
vulnerability bulletin CVE-2009-2489 CVE-2009-2490 CVE-2009-2491
Sun Ray Server: access to a session
Synthesis of the vulnerability
Several vulnerabilities in Sun Ray Server can be used by a local attacker to access the sessions of another user.
Severity: 2/4.
Creation date: 16/07/2009.
Description of the vulnerability
The Sun Ray Server (SRSS) product provides thin clients with a Solaris, Linux or Windows environment. When a user leaves a thin client, their session is saved on SRSS, and is then reimported when they connect again from a thin client.
The utdmsession program informs the Device Manager when a session is created/destroyed. A local attacker can use utdmsession to access the sessions of other users. [severity:2/4; 252226, 6740687, BID-35711, CVE-2009-2489]
The utaudiod daemon manages the Audio Service. When Trusted Extensions are enabled, a local attacker can generate a denial of service in utaudiod. [severity:1/4; 253889, 6672502, BID-35713, CVE-2009-2490]
The utaudiod daemon manages the Audio Service. When Trusted Extensions are enabled, a local attacker can use utaudiod to access the session of another user. [severity:2/4; 253889, 6672502, BID-35713, CVE-2009-2491]
An attacker can therefore obtain the privileges of another user.
Complete Vigil@nce bulletin
Characteristics
Title: Sun Ray Server: access to a session.
Keywords: 252226 253889 6672502 6740687 Audio Device Extensions Linux Manager Ray SRSS Server Service Solaris Sun Trusted Windows access session.
Identifiers: 252226, 253889, 6672502, 6740687, BID-35711, BID-35713, CVE-2009-2489, CVE-2009-2490, CVE-2009-2491, VIGILANCE-VUL-8868.
Solutions for this vulnerability
Supplements
Vulnerability: 252226 utdmsession
The utdmsession program informs the Device Manager when a session is created/destroyed. A local attacker can use utdmsession to access the sessions of other users.
Severity: 2/4.
Identifiers: 252226, 6740687, BID-35711, CVE-2009-2489.
Vulnerability: 253889 utaudiod 1
The utaudiod daemon manages the Audio Service. When Trusted Extensions are enabled, a local attacker can generate a denial of service in utaudiod.
Severity: 1/4.
Identifiers: 253889, 6672502, BID-35713, CVE-2009-2490.
Vulnerability: 253889 utaudiod 2
The utaudiod daemon manages the Audio Service. When Trusted Extensions are enabled, a local attacker can use utaudiod to access the session of another user.
Severity: 2/4.
Identifiers: 253889, 6672502, BID-35713, CVE-2009-2491.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.