Session Management Flaw in Sun Ray Server Software for Solaris
CVE-2004-0701

Currently unrated

Key Information:

Vendor: Oracle
Status: Ray Server Software
Vendor: CVE Published:; 27 July 2004

What is CVE-2004-0701?

The Sun Ray Server Software (SRSS) versions 1.3 and 2.0 for Solaris 2.6, 7, and 8 contain a vulnerability that fails to adequately detect smartcard removal. If a user quickly removes, reinserts, and removes the smartcard again, the system may continue to keep the user session active. This lapse in session management could potentially allow local users unauthorized access to the session, compromising sensitive data and system integrity.

References

http://www.securityfocus.com/bid/7457

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/11905

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/100780

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jul 27, 2004
Vulnerability Reserved
Jul 20, 2004

Oracle

What is CVE-2004-0701?

References

Timeline