Vulnerability Description
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Ray Server Software | 4.0 |
Related Weaknesses (CWE)
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1 (Patch)
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1 (Vendor Advisory)
- http://www.securityfocus.com/bid/37285 (Patch)
- http://www.vupen.com/english/advisories/2009/3477 (Vendor Advisory)
FAQ
What is CVE-2009-4295?
CVE-2009-4295 is a vulnerability with a CVSS score of 7.8 (HIGH). Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sen...
How severe is CVE-2009-4295?
CVE-2009-4295 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4295?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Ray Server Software.