CVE-2008-5422
First published: Thu Dec 11 2008(Updated: )
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Sun Ray Software | =3.0 | |
| Oracle Sun Ray Software | =3.1 | |
| Oracle Sun Ray Software | =4.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =8 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =9 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =10 | |
| Oracle Sun Ray Software | =3.1 | |
| Oracle Sun Ray Software | =4.0 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =10 | |
| Oracle Sun Ray Software | =3.1.1 | |
| Oracle Sun Ray Software | =4.0 | |
| SUSE Linux Enterprise Server | =9 | |
| Red Hat Enterprise Linux | =4 | |
| Oracle Sun Ray Software | =3.0 | |
| Oracle Sun Ray Software | =3.1 | |
| Sun Java Desktop System | =2.0 | |
| SUSE Linux Enterprise Server | =8 | |
| Red Hat Enterprise Linux | =3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1
- http://www.securityfocus.com/bid/32769
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1
- http://secunia.com/advisories/33108
- http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm
- http://www.securitytracker.com/id?1021383
- http://www.vupen.com/english/advisories/2008/3406
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47253
Frequently Asked Questions
What is the severity of CVE-2008-5422?
CVE-2008-5422 is classified as a high severity vulnerability due to its potential for allowing unauthorized access to administrative functions.
How do I fix CVE-2008-5422?
To fix CVE-2008-5422, apply the latest security patches provided by Oracle for Sun Ray Server Software versions 3.0 through 4.0.
What does CVE-2008-5422 affect?
CVE-2008-5422 affects Oracle Sun Ray Server Software versions 3.0, 3.1, and 4.0 on both SPARC and x86 architectures.
What are the consequences of exploiting CVE-2008-5422?
Exploiting CVE-2008-5422 could allow an attacker to gain administrative access to the Data Store and Administration GUI, potentially compromising system integrity.
Is CVE-2008-5422 present in earlier versions of Sun Ray Server Software?
No, CVE-2008-5422 is not present in versions of Sun Ray Server Software earlier than 3.0.
- collector/nvd-historical
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sun
- canonical/oracle sun ray software
- version/oracle sun ray software/3.0
- version/oracle sun ray software/3.1
- version/oracle sun ray software/4.0
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/8
- version/oracle solaris and zettabyte file system (zfs)/9
- version/oracle solaris and zettabyte file system (zfs)/10
- version/oracle sun ray software/3.1.1
- vendor/novell
- canonical/suse linux enterprise server
- version/suse linux enterprise server/9
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/4
- canonical/sun java desktop system
- version/sun java desktop system/2.0
- version/suse linux enterprise server/8
- version/red hat enterprise linux/3