CVE-2008-5423

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-5423
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/33108
http://secunia.com/advisories/33119
http://securitytracker.com/id?1021379
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 Patch
http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm
http://www.securityfocus.com/bid/32772
http://www.vupen.com/english/advisories/2008/3406
http://www.vupen.com/english/advisories/2008/3407
https://exchange.xforce.ibmcloud.com/vulnerabilities/47258
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.0:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*
OR cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:sun:ray_windows_connector:1.1:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_windows_connector:2.0:*:sparc:*:*:*:*:*
OR cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:sun:ray_windows_connector:1.1:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_windows_connector:2.0:*:x86:*:*:*:*:*
OR cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:a:sun:ray_windows_connector:1.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_windows_connector:2.0:*:linux:*:*:*:*:*
OR cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*
OR cpe:2.3:o:novell:suse_linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4:*:advanced_server:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:a:sun:ray_server_software:3.0:*:linux:*:*:*:*:*
cpe:2.3:a:sun:ray_server_software:3.1:*:linux:*:*:*:*:*
OR cpe:2.3:a:sun:java_desktop_system:2.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3:*:advanced_server:*:*:*:*:*
History

No history.

Information

Published : 2008-12-11 15:30

Updated : 2023-12-10 10:51

NVD link : CVE-2008-5423

Mitre link : CVE-2008-5423

CVE.ORG link : CVE-2008-5423

JSON object : View

Products Affected

redhat

  • enterprise_linux

sun

  • solaris
  • ray_server_software
  • ray_windows_connector
  • java_desktop_system

novell

  • suse_linux_enterprise_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor