Insecure DSA Key Management in Sun Ray Server Software Affects Sun Ray Devices
CVE-2009-4295
Currently unrated
Summary
Sun Ray Server Software versions 4.0 and 4.1 are vulnerable because the firmware across various Sun Ray Desktop Units (DTUs) lacks unique DSA private keys. This design flaw allows attackers to predict DSA keys and use them to decrypt intercepted network traffic. Where sensitive data is transmitted, such unsophisticated attacks can lead to unauthorized information disclosure, posing significant risks to network security.
References
Timeline
Vulnerability Reserved
Vulnerability published