LDAP Password Exposure in Sun Ray Server Software and Windows Connector
CVE-2008-5423

Currently unrated

Key Information:

Vendor: Oracle
Status: Ray Server Software
Vendor: CVE Published:; 11 December 2008

Summary

The Sun Ray Server Software and Sun Ray Windows Connector contain a vulnerability that allows local users to inadvertently expose the LDAP password during a configuration process. This exposure enables unauthorized access to the Sun Ray administration password, potentially compromising the security of the Data Store and the Administration GUI. The issue relates to unaddressed vectors involving the utconfig component in the Server Software and the uttscadm component in the Windows Connector, which can be exploited by local users to escalate their privileges.

References

http://secunia.com/advisories/33119

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/32772

vdb-entryx_refsource_BID

http://secunia.com/advisories/33108

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 11, 2008
Vulnerability Reserved
Dec 11, 2008