Sun Ray Server software utxconfig file manipulation
| sun-ray-utxconfig-file-manipulation (28260) |  Medium Risk |
Description:
An unspecified vulnerability in the Sun Ray Server software utxconfig utility for Sun Solaris could allow a local attacker to create or overwrite arbitrary files on the system.
Platforms Affected:
- Sun, Ray Server Software 3.0
- Sun, Solaris 10 x86
- Sun, Solaris 10 SPARC
- Sun, Solaris 8 x86
- Sun, Solaris 8 SPARC
- Sun, Solaris 9 SPARC
- Sun, Solaris 9 x86
Remedy:
Refer to Sun Alert ID: 101924 for patch, upgrade or suggested workaround information. See References.
Consequences:
File Manipulation
References:
- Sun Alert ID: 101924, Security Vulnerability in the Sun Ray Utility utxconfig(1) at http://sunsolve.sun.com/search/document.do?assetkey=1-26-101924-1.
- BID-19394: Sun Ray UTXConfig Local Arbitrary File Overwrite Vulnerability
- CVE-2006-4049: Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
- SA21398: Sun Ray Server Software utxconfig Privilege Escalation
- SECTRACK ID: 1016647: Sun Ray utxconfig Utility Lets Local Users Create or Modify Arbitrary Files
- VUPEN/ADV-2006-3226: Sun Ray Server Software utxconfig Utility Unspecified Privilege Escalation Vulnerability
Reported:
Aug 07, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net