Vulnerabilities > CVE-2007-0482 - Unspecified vulnerability in SUN RAY Server Software 2.0/3.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS9_114880.NASL description Sun Ray Server version 2.0 Patch Update. Date this patch was last updated by Sun : Feb/14/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23503 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23503 title Solaris 9 (sparc) : 114880-12 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(23503); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2006-4049", "CVE-2007-0482"); script_name(english:"Solaris 9 (sparc) : 114880-12"); script_summary(english:"Check for patch 114880-12"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114880-12" ); script_set_attribute( attribute:"description", value: "Sun Ray Server version 2.0 Patch Update. Date this patch was last updated by Sun : Feb/14/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/114880-12" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutux", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutkio", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWuto", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutu", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutesa", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutps", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWuta", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutscr", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutr", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS8_114880.NASL description Sun Ray Server version 2.0 Patch Update. Date this patch was last updated by Sun : Feb/14/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23368 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23368 title Solaris 8 (sparc) : 114880-12 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(23368); script_version("1.21"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2006-4049", "CVE-2007-0482"); script_name(english:"Solaris 8 (sparc) : 114880-12"); script_summary(english:"Check for patch 114880-12"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114880-12" ); script_set_attribute( attribute:"description", value: "Sun Ray Server version 2.0 Patch Update. Date this patch was last updated by Sun : Feb/14/08" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/114880-12" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2008/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutux", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutkio", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWuto", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutu", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutesa", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutps", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWuta", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutscr", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"114880-12", obsoleted_by:"", package:"SUNWutr", version:"2.0_37.b,REV=2002.12.19.07.46") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
References
- http://osvdb.org/31671
- http://secunia.com/advisories/23900
- http://securitytracker.com/id?1017547
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102779-1
- http://www.securityfocus.com/bid/22192
- http://www.vupen.com/english/advisories/2007/0316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31700