CVE-2009-4295

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

Published: Dec 11, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-4295
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
sun / ray_server_software	4.1	4.1.x
sun / ray_server_software	4.0	4.0.x

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1
http://www.securityfocus.com/bid/37285
http://www.vupen.com/english/advisories/2009/3477

Vulnerability Database

290,020

CVE-2009-4295