VULHUB ™

Sun Ray Server Software, when configured with NSCM, may allow remote users to inadvertently gain access as an alternate user. This vulnerability can be exploited remotely by a user whose client is issuing XDMCP to the Sun Ray server. Using the 'dtlogin' facility a remote user is able to login to a Sun Ray Server and find that they are logged in as another user. The remote user does not need an account on the Sun Ray server to take advantage of this vulnerability.

Sun Ray Server Software, when configured with NSCM, may allow remote users to inadvertently gain access as an alternate user. This vulnerability can be exploited remotely by a user whose client is issuing XDMCP to the Sun Ray server. Using the 'dtlogin' facility a remote user is able to login to a Sun Ray Server and find that they are logged in as another user. The remote user does not need an account on the Sun Ray server to take advantage of this vulnerability.