Executive Summary

Summary
Title: Sun Alert 268228 Vulnerability in Sun Ray Server Software due to Logout Failure
Information
Name: SUN-268228
Vendor: Sun
First vendor Publication: 2009-12-10
Last vendor Modification: 2009-12-10
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score: 4.4
Cvss Impact Score: 6.4
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

Product: Sun Ray Server Software 4.1

When a local user logs out of a Sun Ray desktop session, the session may log the user back in again. The user may be unaware that the session has logged in again and is unlocked, which may allow another user to access the desktop session.

The issue does not occur when one locks the screen or when the smartcard used to access a session is removed from the Sun Ray DTU.
State: Resolved
First released: 10-Dec-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_268228_vulnerability_in

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type Description Count
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
60975 Sun Ray Server Software Desktop Session Handling Automatic Re-login Weakness

Nessus® Vulnerability Scanner

Date Description
2014-01-07 Name : The remote host is missing Sun Security Patch number 139548-07
File : solaris10_139548.nasl - Type : ACT_GATHER_INFO