Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 270549 A Security Vulnerability in the Generation of Encryption Keys for Sun Ray Firmware |
| Informations | |||
|---|---|---|---|
| Name | SUN-270549 | First vendor Publication | 2009-12-09 |
| Vendor | Sun | Last vendor Modification | 2009-12-09 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Sun Ray Server Software 4.0, Sun Ray Server Software 4.1 A security vulnerability in the generation of encryption keys for Sun Ray firmware may allow a remote unprivileged user, who is able to intercept network traffic, to predict the private key and decrypt the mouse, keyboard, and display traffic between the Sun Ray DTU and the Sun Ray Server. State: Resolved First released: 09-Dec-2009 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_270549_a_security |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 60904 | Sun Ray Server Software Firmware Encryption Key Weakness Information Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-12-17 | Name : The remote host is missing Sun Security Patch number 127553-08 File : solaris10_127553.nasl - Type : ACT_GATHER_INFO |
