===================================================================== CERT-Renater Note d'Information No. 2009/VULN530 _____________________________________________________________________ DATE : 15/12/2009 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Sun Ray Server Software versions 4.0, 4.1. ====================================================================== http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-268228-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1 ______________________________________________________________________ Vulnerability in Sun Ray Server Software due to Logout Failure _________________________________________________________________ Category : Security Release Phase : Resolved Bug Id : 6853222 Product : Sun Ray Server Software 4.1 Date of Resolved Release : 10-Dec-2009 Vulnerability in Sun Ray Server Software due to Logout Failure, see below: 1. Impact When a local user logs out of a Sun Ray desktop session, the session may log the user back in again. The user may be unaware that the session has logged in again and is unlocked, which may allow another user to access to the desktop session. The issue does not occur when one locks the screen or when the smartcard used to access a session is removed from the Sun Ray DTU. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform * Sun Ray Server Software 4.1 (for Solaris 10) without patch 139548-03 x86 Platform * Sun Ray Server Software 4.1 (for Solaris 10) without patch 139549-03 Note 1: Sun Ray Server Software 4.0 and Sun Ray Server Software 4.1 on the Linux platform are not impacted by this issue. Note 2: For the issue to occur, Sun Ray "Automatic Multi-Group Hotdesking" (AMGH) feature must be enabled and supplying usernames and one of the following must also apply: a) "Non Smartcard Mobility" (NSCM) is not configured (i.e. non-mobile pseudo sessions are used) and another user has physical access to the Sun Ray DTU where the user had previously logged out. b) Smartcards are used to access a session, and another user has physical access to that smartcard and physical access to any Sun Ray DTU. 3. Symptoms Upon logout, a local user is automatically logged in again. 4. Workaround If smartcards are not used for Sun Ray session authentication, then enable NSCM policy and do not use smartcards. If that is not feasible, then disable Remote Hotdesk Authentication (RHA). To disable RHA, use the Admin GUI or the -D option of utpolicy(1M). 5. Resolution This issue is addressed in the following releases: SPARC Platform * Sun Ray Server Software 4.1 (for Solaris 10) with patch 139548-03 x86 Platform * Sun Ray Server Software 4.1 (for Solaris 10) with patch 139549-03 For more information on Security Sun Alerts, see Technical Instruction ID 213557: http://sunsolve.sun.com/search/document.do?assetkey=1-61-213557-1 This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved ________________________________________________________________________ A Security Vulnerability in the Generation of Encryption Keys for Sun Ray Firmware Category : Security Release Phase : Resolved Bug Id : 6852457 Product : Sun Ray Server Software 4.0 Sun Ray Server Software 4.1 Date of Resolved Release : 09-Dec-2009 A security vulnerability in the generation of encryption keys for Sun Ray firmware: 1. Impact A security vulnerability in the generation of encryption keys for Sun Ray firmware may allow a remote unprivileged user, who is able to intercept network traffic, to predict the private key and decrypt the mouse, keyboard, and display traffic between the Sun Ray DTU and the Sun Ray Server. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform * Sun Ray Server Software 4.0 (for Solaris 10) without patch 127553-07 * Sun Ray Server Software 4.1 (for Solaris 10) without patch 139548-03 x86 Platform * Sun Ray Server Software 4.0 (for Solaris 10) without patch 127554-07 * Sun Ray Server Software 4.1 (for Solaris 10) without patch 139549-03 Linux Platform * Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) without patch 127555-07 * Sun Ray Server Software 4.1 (for RHEL 5, SLES 10) without patch 139550-03 Note: This issue only applies to the following DTU models: * Sun Ray 1 * Sun Ray 1g * Sun Ray 100 * Sun Ray 150 This issue does not apply to the Sun Ray 2 family of DTUs. 3. Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. 4. Workaround There is no workaround for this issue. Please see the Resolution section below. 5. Resolution This issue is addressed in the following releases: SPARC Platform * Sun Ray Server Software 4.0 (for Solaris 10) with patch 127553-07 or later * Sun Ray Server Software 4.1 (for Solaris 10) with patch 139548-03 or later x86 Platform * Sun Ray Server Software 4.0 (for Solaris 10) with patch 127554-07 or later * Sun Ray Server Software 4.1 (for Solaris 10) with patch 139549-03 or later Linux Platform * Sun Ray Server Software 4.0 (for RHEL AS 4, SLES 9) with patch 127555-07 or later * Sun Ray Server Software 4.1 (for RHEL 5, SLES 10) with patch 139550-03 or later For more information on Security Sun Alerts, see Technical Instruction ID 213557. This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================