Vigil@nce: Sun Ray Server, access to a session
July 2009 by Vigil@nce
Several vulnerabilities of Sun Ray Server can be used by a local
attacker to access to sessions of another user.
Severity: 2/4
Consequences: user access/rights, denial of service of service
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 16/07/2009
IMPACTED PRODUCTS
– Red Hat Enterprise Linux
– Sun Solaris
– SUSE Linux Enterprise Server
DESCRIPTION OF THE VULNERABILITY
The Sun Ray Server (SRSS) product provides thin clients with a
Solaris, Linux or Windows environment. When a user leaves a thin
client, his session is saved on SRSS, and is then reimported when
he connects again on a thin client.
The utdmsession program informs the Device Manager when a session
is created/destroyed. A local attacker can use utdmsession to
access to sessions of other users. [grav:2/4; 252226, 6740687,
BID-35711, CVE-2009-2489]
The utaudiod daemon manages the Audio Service. When Trusted
Extensions are enabled, a local attacker can generate a denial of
service in utaudiod. [grav:1/4; 253889, 6672502, BID-35713,
CVE-2009-2490]
The utaudiod daemon manages the Audio Service. When Trusted
Extensions are enabled, a local attacker can use utaudiod to
access to the session of another user. [grav:2/4; 253889, 6672502,
BID-35713, CVE-2009-2491]
An attacker can therefore obtain privileges of another user.
CHARACTERISTICS
Identifiers: 252226, 253889, 6672502, 6740687, BID-35711,
BID-35713, CVE-2009-2489, CVE-2009-2490, CVE-2009-2491,
VIGILANCE-VUL-8868
http://vigilance.fr/vulnerability/Sun-Ray-Server-access-to-a-session-8868