CVE-2009-4295
Severity CVSS v4.0: Pending analysis
Type: CWE-310 Cryptographic Issues
Publication date: 11/12/2009
Last modified: 09/04/2025
Description
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
Impact
Base Score 2.0: 7.80
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:* | | |
| cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:* | | |
| cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:* | | |
| cpe:2.3:a:sun:ray_server_software:4.1:*:linux:*:*:*:*:* | | |
| cpe:2.3:a:sun:ray_server_software:4.1:*:sparc:*:*:*:*:* | | |
| cpe:2.3:a:sun:ray_server_software:4.1:*:x86:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1
- http://www.securityfocus.com/bid/37285
- http://www.vupen.com/english/advisories/2009/3477



