The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102657 Security Vulnerability With RSA Signature Affects the Sun Secure Global Desktop Software

Guest Author
Product: Sun Secure Global Desktop Software 4.2

Sun Secure Global Desktop (SSGD) software 4.2 is impacted by an RSA signature forgery vulnerability. This vulnerability may allow an untrusted server to present a forged identity to clients connecting to that server when secure connections are in use.

This vulnerability may also affect SSGD servers which are configured to use web server authentication and client certificates. Under these circumstances, it may be possible for a local or remote unprivileged user to forge a valid identity and log in to an SSGD server, allowing unauthorized access to the applications available for that identity.

This issue is also described in the following documents:

CERT VU#845620 at http://www.kb.cert.org/vuls/id/845620

CVE-2006-4339 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Note: The issue described in this Sun Alert is specific to Sun Secure Global Desktop Software. Multiple Sun products are affected by this issue; for more details please see Sun Alert 102648 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

Avoidance: Upgrade
State: Resolved 
First released: 06-Oct-2006

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.