Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ray_server_software | Sun | 1.3 (including) | 1.3 (including) |
| Ray_server_software | Sun | 2.0 (including) | 2.0 (including) |
References
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53922
- http://www.kb.cert.org/vuls/id/100780
- http://www.securityfocus.com/bid/7457
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11905
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53922
- http://www.kb.cert.org/vuls/id/100780
- http://www.securityfocus.com/bid/7457
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11905