CVE-2008-5422
https://notcve.org/view.php?id=CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados. • http://secunia.com/advisories/33108 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1 http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm http://www.securityfocus.com/bid/32769 http://www.securitytracker.com/id?1021383 http://www.vupen.com/english/advisories/2008/3406 https://exchange.xforce.ibmcloud.com/vulnerabilities/47253 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5423
https://notcve.org/view.php?id=CVE-2008-5423
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. Sun Ray Server Software v3.x y v4.0 y Sun Ray Windows Connector v1.1 y v2.0 exponen la contraseña LDAP durante un paso de configuración, lo que permite a usuarios locales descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y el Administration GUI, mediante vectores no especificados relacionados con el componente utconfig de el Server Software y el componente uttscadm de el Windows Connector. • http://secunia.com/advisories/33108 http://secunia.com/advisories/33119 http://securitytracker.com/id?1021379 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm http://www.securityfocus.com/bid/32772 http://www.vupen.com/english/advisories/2008/3406 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-5410
https://notcve.org/view.php?id=CVE-2008-5410
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. La caché PK11_SESSION en el motor OpenSSL PKCS#11 en Sun Solaris 10 no mantiene la cuenta de referencia para operaciones con claves asimétricas, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (fallos en las operaciones criptográficas) a través de vectores desconocidos, relacionado con las funciones (1) RSA_sign y (2) RSA_verify. • http://secunia.com/advisories/33050 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-246846-1 http://www.securityfocus.com/bid/32671 http://www.securitytracker.com/id?1021358 http://www.vupen.com/english/advisories/2008/3372 https://exchange.xforce.ibmcloud.com/vulnerabilities/47137 https://oval.cisecurity.org/repository/search/definition • CWE-310: Cryptographic Issues •
CVE-2008-5133
https://notcve.org/view.php?id=CVE-2008-5133
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named. ipnat en IP Filter de Sun Solaris v10 y OpenSolaris anteriores a snv_96, cuando se ejecutan en servidor DNS con traducción de direcciones de red (NAT) configurado cambia el puerto origen de forma incorrecta cuando el puerto destino es el puerto DNS, lo que permite a atacantes remotos evitar e intentar el mecanismo de protección CVE-2008-1447 y espíar las respuestas a solicitudes DNS enviadas por nombre. • http://secunia.com/advisories/32625 http://sunsolve.sun.com/search/document.do?assetkey=1-26-245206-1 http://www.vupen.com/english/advisories/2008/3129 https://exchange.xforce.ibmcloud.com/vulnerabilities/46721 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5111
https://notcve.org/view.php?id=CVE-2008-5111
Unspecified vulnerability in the socket function in Sun Solaris 10 and OpenSolaris snv_57 through snv_91, when InfiniBand hardware is not installed, allows local users to cause a denial of service (panic) via unknown vectors, related to the socksdpv_close function. Una vulnerabilidad sin especificar en la función socket de Sun Solaris 10 y OpenSolaris snv_57 a la snv_91, cuando Infiniband hardware no está instalado, permite a usuarios locales causar una denegación de servicio (causando un panic) a través de vectores desconocidos, relacionados con la función socksdpv_close. • http://osvdb.org/49854 http://secunia.com/advisories/32611 http://securitytracker.com/id?1021231 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242806-1 http://www.securityfocus.com/bid/32296 https://exchange.xforce.ibmcloud.com/vulnerabilities/46611 •