
Sun Ray Security Vulnerability with Non-Smartcard Mobility (NSCM)
44069
Published: 2002-05-30 13:55:15
Updated: 2002-05-30 13:55:15

DOCUMENT ID: 44069
SYNOPSIS: Sun Ray Security Vulnerability with Non-Smartcard Mobility (NSCM)
DETAIL DESCRIPTION:
Sun(sm) Alert Notification

    * Sun Alert ID: 44069
    * Synopsis: Sun Ray Security Vulnerability with Non-Smartcard Mobility (NSCM)
    * Category: Security
    * Product: Sun Ray Software 1.3
    * BugIDs: 4660438
    * Avoidance: Patch
    * State: Resolved
    * Date Released: 30-May-2002
    * Date Closed: 30-May-2002
    * Date Modified:

1. Impact

It may be possible for a user to log in to a Solaris 8 Sun Ray server which is configured to use non-smartcard mobility (NSCM) and inadvertently be logged in as a different user. Note that the initial user has to be on a client that is issuing XDMCP to the Sun Ray server that has this security vulnerability. The initial user does not need to have an account on the Sun Ray server itself.

2. Contributing Factors

This issue can occur on the following configurations:

    * Sun Ray Server Software (SRSS) 1.3 with CDE patch 108919-14 (for Solaris 8) and without patch 111891-05

Note: SRSS 1.2 and earlier are not affected.

To determine if a Sun Ray server is configured to use NSCM, run the following command and note the output:

	$ /opt/SUNWut/sbin/utpolicy
	# Reading policy file: /etc/opt/SUNWut/policy/utpolicy
	# Current Policy:
	/opt/SUNWut/sbin/utpolicy -a -m -M -g -z both

If the "-M" switch is present, it means that the Sun Ray server is running NSCM and could potentially be vulnerable to the described issue.

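The two checks the alert describes (is "-M" present in the current policy, and is patch 111891-05 or later installed) can be scripted for a fleet of servers. The following is an added example, not part of the Sun Alert; it assumes that utpolicy prints the active policy as a line starting with /opt/SUNWut/sbin/utpolicy (as shown above) and that showrev -p lists installed patches as "Patch: <id>-<rev> ..." (the standard Solaris format). The sample outputs at the bottom are constructed.

```sh
# Added example (not Sun's code): classify a Sun Ray server from the text
# of `utpolicy` and `showrev -p` output.

# nscm_enabled: reads utpolicy output on stdin; returns 0 when the current
# policy line carries the "-M" switch (NSCM), 1 otherwise. Tokens are
# compared whole so the unrelated "-m" switch is not mistaken for "-M".
nscm_enabled() {
    while read -r line; do
        case "$line" in
            /opt/SUNWut/sbin/utpolicy*)
                for tok in $line; do
                    [ "$tok" = "-M" ] && return 0
                done ;;
        esac
    done
    return 1
}

# patch_level_ok: reads showrev -p output on stdin; returns 0 when patch
# 111891 is installed at revision 05 or later, 1 otherwise.
patch_level_ok() {
    while read -r line; do
        case "$line" in
            "Patch: 111891-"*)
                rev=${line#"Patch: 111891-"}   # strip the fixed prefix
                rev=${rev%% *}                 # keep only the revision field
                [ "$rev" -ge 5 ] && return 0 ;;
        esac
    done
    return 1
}

# assess: takes utpolicy output and showrev -p output as its two arguments
# and prints one of: nscm-disabled | patched | vulnerable
assess() {
    if ! printf '%s\n' "$1" | nscm_enabled; then
        echo nscm-disabled
    elif printf '%s\n' "$2" | patch_level_ok; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample output: the policy line from the alert, and a showrev
# listing that has the CDE patch but not 111891-05.
UTPOLICY_OUT='# Reading policy file: /etc/opt/SUNWut/policy/utpolicy
# Current Policy:
/opt/SUNWut/sbin/utpolicy -a -m -M -g -z both'
SHOWREV_OUT='Patch: 108919-14 Obsoletes:  Requires:  Incompatibles:  Packages: ...'
assess "$UTPOLICY_OUT" "$SHOWREV_OUT"   # prints: vulnerable
```

On a live server, feed it the real command output: `assess "$(/opt/SUNWut/sbin/utpolicy)" "$(showrev -p)"`.
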
3. Symptoms

A user may use "dtlogin" Options/Remote Login to a Sun Ray Server and find themselves automatically logged in as a different user if NSCM is enabled on that Sun Ray server. The originating system does not necessarily need to be a Sun Ray server; it can be any system which supports XDMCP clients. See the xdm(1) man page for more information.


SOLUTION SUMMARY:
4. Relief/Workaround

A workaround is available but requires contacting your local Sun Enterprise Service support representative.

5. Resolution

This issue is addressed in the following releases:

    * Sun Ray Server Software (SRSS) 1.3 with patch 111891-05 or later

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2001, 2002 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 U.S.A. All rights reserved. 