CVE-2008-5423

CVSS V2 Medium 4.3 CVSS V3 None

Description

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Overview

CVE ID
CVE-2008-5423

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2008-12-11T15:30:00

Last Modified Date
2018-10-30T16:25:58

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:a:sun:ray_server_software:3.0::sparc:::::	1	OR
cpe:2.3:a:sun:ray_server_software:3.1::sparc:::::	1	OR
cpe:2.3:a:sun:ray_server_software:4.0::sparc:::::	1	OR
cpe:2.3:o:sun:solaris:8::sparc:::::	0	OR
cpe:2.3:o:sun:solaris:9::sparc:::::	0	OR
cpe:2.3:o:sun:solaris:10::sparc:::::	0	OR
		AND
cpe:2.3:a:sun:ray_server_software:3.1::x86:::::	1	OR
cpe:2.3:a:sun:ray_server_software:4.0::x86:::::	1	OR
cpe:2.3:o:sun:solaris:10::x86:::::	0	OR
		AND
cpe:2.3:a:sun:ray_windows_connector:1.1::sparc:::::	1	OR
cpe:2.3:a:sun:ray_windows_connector:2.0::sparc:::::	1	OR
cpe:2.3:a:sun:ray_server_software:3.1::sparc:::::	1	OR
cpe:2.3:a:sun:ray_server_software:4.0::sparc:::::	1	OR
		AND
cpe:2.3:a:sun:ray_windows_connector:1.1::x86:::::	1	OR
cpe:2.3:a:sun:ray_windows_connector:2.0::x86:::::	1	OR
cpe:2.3:a:sun:ray_server_software:3.1::x86:::::	1	OR
cpe:2.3:a:sun:ray_server_software:4.0::x86:::::	1	OR
		AND
cpe:2.3:a:sun:ray_windows_connector:1.1::linux:::::	1	OR
cpe:2.3:a:sun:ray_windows_connector:2.0::linux:::::	1	OR
cpe:2.3:a:sun:ray_server_software:3.1.1::linux:::::	1	OR
cpe:2.3:a:sun:ray_server_software:4.0::linux:::::	1	OR
		AND
cpe:2.3:a:sun:ray_server_software:3.1.1::linux:::::	1	OR
cpe:2.3:a:sun:ray_server_software:4.0::linux:::::	1	OR
cpe:2.3:o:novell:suse_linux_enterprise_server:9:::::::*	0	OR
cpe:2.3:o:redhat:enterprise_linux:4::advanced_server:::::	0	OR
		AND
cpe:2.3:a:sun:ray_server_software:3.0::linux:::::	1	OR
cpe:2.3:a:sun:ray_server_software:3.1::linux:::::	1	OR
cpe:2.3:a:sun:java_desktop_system:2.0:::::::*	0	OR
cpe:2.3:o:novell:suse_linux_enterprise_server:8:::::::*	0	OR
cpe:2.3:o:redhat:enterprise_linux:3::advanced_server:::::	0	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:S/C:P/I:P/A:P

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
SINGLE

Confidentiality Impact
PARTIAL

Integrity Impact
PARTIAL

Availability Impact
PARTIAL

Base Score
4.3

Severity
MEDIUM

Exploitability Score
3.1

Impact Score
6.4

References

Reference URL	Reference Tags
http://www.securityfocus.com/bid/32772
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1	Patch
http://securitytracker.com/id?1021379
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1	Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1	Patch
http://secunia.com/advisories/33108
http://secunia.com/advisories/33119
http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm
http://www.vupen.com/english/advisories/2008/3407
http://www.vupen.com/english/advisories/2008/3406
https://exchange.xforce.ibmcloud.com/vulnerabilities/47258

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2008-5423
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5423

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:00:31				Added to TrackCVE