CVE-2009-4295 - Cryptographic Issues vulnerability in SUN RAY Server Software 4.0/4.1

CVSS 7.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, sun, CWE-310, nessus

Summary

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

Vulnerable Configurations

Part | Description | Count
Application | Sun | 6

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_127553.NASL
description: Sun Ray Core Services version 4.0 Patch Update. Date this patch was last updated by Sun : Feb/24/10 This plugin has been deprecated and either replaced with individual 127553 patch-revision plugins, or deemed non-security related.
last seen: 2019-02-21
modified: 2018-07-30
plugin id: 35194
published: 2008-12-17
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=35194
title: Solaris 10 (sparc) : 127553-08 (deprecated)
code:
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2018/03/12. Deprecated and either replaced by
# individual patch-revision plugins, or has been deemed a
# non-security advisory.
#
include("compat.inc");

if (description)
{
  script_id(35194);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:26");

  script_cve_id("CVE-2008-5422", "CVE-2008-5423", "CVE-2009-2489", "CVE-2009-2490", "CVE-2009-2491", "CVE-2009-4294", "CVE-2009-4295");

  script_name(english:"Solaris 10 (sparc) : 127553-08 (deprecated)");
  script_summary(english:"Check for patch 127553-08");

  script_set_attribute(
    attribute:"synopsis", 
    value:"This plugin has been deprecated."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Sun Ray Core Services version 4.0 Patch Update.
Date this patch was last updated by Sun : Feb/24/10

This plugin has been deprecated and either replaced with individual
127553 patch-revision plugins, or deemed non-security related."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/127553-08"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"n/a"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(200, 264, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/12/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 127553 instead.");