Vulnerabilities > CVE-2009-4294 - Remote Code Execution vulnerability in Sun Ray Server Authentication Manager

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
critical
nessus
NVD
Published: 2009-12-11
Updated: 2009-12-14

Summary

Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Sun
6

Nessus

NASL familySolaris Local Security Checks
NASL idSOLARIS10_127553.NASL
descriptionSun Ray Core Services version 4.0 Patch Update. Date this patch was last updated by Sun : Feb/24/10 This plugin has been deprecated and either replaced with individual 127553 patch-revision plugins, or deemed non-security related.
last seen2019-02-21
modified2018-07-30
plugin id35194
published2008-12-17
reporterTenable
sourcehttps://www.tenable.com/plugins/index.php?view=single&id=35194
titleSolaris 10 (sparc) : 127553-08 (deprecated)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2018/03/12. Deprecated and either replaced by
# individual patch-revision plugins, or has been deemed a
# non-security advisory.
#
include("compat.inc");

if (description)
{
  script_id(35194);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:26");

  script_cve_id("CVE-2008-5422", "CVE-2008-5423", "CVE-2009-2489", "CVE-2009-2490", "CVE-2009-2491", "CVE-2009-4294", "CVE-2009-4295");

  script_name(english:"Solaris 10 (sparc) : 127553-08 (deprecated)");
  script_summary(english:"Check for patch 127553-08");

  script_set_attribute(
    attribute:"synopsis", 
    value:"This plugin has been deprecated."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Sun Ray Core Services version 4.0 Patch Update.
Date this patch was last updated by Sun : Feb/24/10

This plugin has been deprecated and either replaced with individual
127553 patch-revision plugins, or deemed non-security related."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/127553-08"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"n/a"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(200, 264, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 127553 instead.");

References