CVE-2008-5423

Name of the Vulnerable Software and Affected Versions Sun Sun Ray Server Software versions 3.x through 4.0 Sun Ray Windows Connector versions 1.1 through 2.0

Description The issue allows local users to discover the Sun Ray administration password, which can lead to obtaining admin access to the Data Store and Administration GUI. This is related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Recommendations For Sun Sun Ray Server Software versions 3.x through 4.0, consider restricting access to the utconfig component until a fix is available. For Sun Ray Windows Connector versions 1.1 through 2.0, consider disabling the uttscadm component as a temporary workaround to minimize the risk of exploitation.