Vulnerability CVE-2009-4314

Vulnerability CVE-2009-4314

Published: 2009-12-14 Modified: 2012-02-13

Description:

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.4/10	6.4/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
SUN -> Ray server software

References:

http://sunsolve.sun.com/search/document.do?assetkey=1-66-268228-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139548-03-1

Copyright 2024, cxsecurity.com