CVE-2008-5423

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.0:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*
OR cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:sun:ray_windows_connector:1.1:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_windows_connector:2.0:*:sparc:*:*:*:*:*
OR cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:sun:ray_windows_connector:1.1:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_windows_connector:2.0:*:x86:*:*:*:*:*
OR cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:sun:ray_windows_connector:1.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_windows_connector:2.0:*:linux:*:*:*:*:*
OR cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*
OR cpe:2.3:o:novell:suse_linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4:*:advanced_server:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.0:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:3.1:*:linux:*:*:*:*:*
OR cpe:2.3:a:sun:java_desktop_system:2.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3:*:advanced_server:*:*:*:*:*

History

21 Nov 2024, 00:54

Type Values Removed Values Added
References () http://secunia.com/advisories/33108 - () http://secunia.com/advisories/33108 -
References () http://secunia.com/advisories/33119 - () http://secunia.com/advisories/33119 -
References () http://securitytracker.com/id?1021379 - () http://securitytracker.com/id?1021379 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 - Patch () http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 - Patch
References () http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 - Patch, Vendor Advisory () http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 - Patch, Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 - Patch () http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 - Patch
References () http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm - () http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm -
References () http://www.securityfocus.com/bid/32772 - () http://www.securityfocus.com/bid/32772 -
References () http://www.vupen.com/english/advisories/2008/3406 - () http://www.vupen.com/english/advisories/2008/3406 -
References () http://www.vupen.com/english/advisories/2008/3407 - () http://www.vupen.com/english/advisories/2008/3407 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/47258 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/47258 -

Information

Published : 2008-12-11 15:30

Updated : 2024-11-21 00:54


NVD link : CVE-2008-5423

Mitre link : CVE-2008-5423

CVE.ORG link : CVE-2008-5423


JSON object : View

Products Affected

sun

  • ray_windows_connector
  • ray_server_software
  • java_desktop_system
  • solaris

redhat

  • enterprise_linux

novell

  • suse_linux_enterprise_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor