CVE-2008-5423

Sažetak

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Reference

http://secunia.com/advisories/33108
http://secunia.com/advisories/33119
http://securitytracker.com/id?1021379
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1
http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm
http://www.securityfocus.com/bid/32772
http://www.vupen.com/english/advisories/2008/3406
http://www.vupen.com/english/advisories/2008/3407
https://exchange.xforce.ibmcloud.com/vulnerabilities/47258

CVSS

Base:	4.3
Impact:	6.4
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

11-12-2008 - 15:30