----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)  

If not, then implement it through the most reliable vulnerability
intelligence source on the market. 

Implement it through Secunia. 

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Sun Ray Server Software Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37627

VERIFY ADVISORY:
http://secunia.com/advisories/37627/

DESCRIPTION:
A weakness and a vulnerability have been reported in Sun Ray Server
Software, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service), or
potentially compromise a vulnerable system.

1) An unspecified error in the Authentication Manager can be
exploited to cause a crash and potentially execute arbitrary code
with privileges of the root user.

2) The weakness is caused due to an unspecified error in the Sun Ray
firmware, which generates weak encryption keys. This can be exploited
to predict the private key for mouse, keyboard, and display traffic
between the Sun Ray DTU and the Sun Ray Server.

Successful exploitation requires an attacker to intercept network
traffic.

NOTE: The weakness does not affect Sun Ray 1 DTU, Sun Ray 1g DTU, Sun
Ray 100 DTU, and Sun Ray 150 DTU.

The weakness and the vulnerability are reported in versions 4.0 and
4.1.

SOLUTION:
Apply patches.

-- SPARC Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127553-07
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127553-07-1

Sun Ray Server Software 4.1 (for Solaris 10):
Apply patch 139548-03.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-139548-03-1

-- x86 Platform --

Sun Ray Server Software 4.0 (for Solaris 10):
Apply patch 127554-07
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127554-07-1

Sun Ray Server Software 4.1 (for Solaris 10):
Apply patch 139549-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-139549-03-1

-- Linux Platform --

Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9):
Apply patch 127555-07
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-127555-07-1

Sun Ray Server Software 4.1 (for RHEL 5, SLES 10):
Apply patch 139550-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-139550-03-1

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-267548-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------