Vulnerability Note VU#262352

Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities

Overview

The Sun Secure Global Desktop (SSGD) contains cross-site scripting vulnerabilities.

I. Description

Sun Secure Global Desktop (formerly Tarantella) contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML code from user input, facilitating cross-site scripting attacks:
  • taarchives.cgi
  • ttaAuthentication.jsp
  • ttalicense.cgi
  • ttawlogin.cgi
  • ttawebtop.cgi
  • ttaabout.cgi
  • test-cgi
Sun states that this issue affects Sun Secure Global Desktop Software 4.2 prior to build 4.20.983 for Solaris 8 and 9 on the SPARC platform, Solaris 10 on the SPARC and x86 platforms, and the Linux platform.
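
On a server that ran a build earlier than 4.20.983, the web access log can be reviewed for requests to the modules listed above that carried HTML-significant characters. The following is an added example, not part of the original note or of Sun's software; the log lines are constructed, and the /example/cgi-bin/ path and the "p" parameter are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Module names copied from the advisory's list.
MODULES = {"taarchives.cgi", "ttaAuthentication.jsp", "ttalicense.cgi",
           "ttawlogin.cgi", "ttawebtop.cgi", "ttaabout.cgi", "test-cgi"}

# Common Log Format: client, identity, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Characters that input needs before a browser would treat it as markup.
MARKUP_RE = re.compile(r'[<>"]')

# Constructed sample lines; path prefix and parameter name are hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2006:10:00:00 +0000] "GET /example/cgi-bin/ttawlogin.cgi?p=hello HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Sep/2006:10:01:00 +0000] "GET /example/cgi-bin/ttawlogin.cgi?p=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Sep/2006:10:02:00 +0000] "GET /example/cgi-bin/test-cgi?p=%253Cb%253E HTTP/1.1" 200 300',
    '192.0.2.11 - - [21/Sep/2006:10:03:00 +0000] "GET /example/index.html?q=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (client, module, decoded request tail) for requests to a
    listed module whose query string or path info contains markup."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable Common Log Format line
        client, _method, target, _status = match.groups()
        path = target.split("?", 1)[0]
        module = next((seg for seg in path.split("/") if seg in MODULES), None)
        if module is None:
            continue  # request is not for one of the listed modules
        tail = fully_decode(target.split(module, 1)[1])
        if MARKUP_RE.search(tail):
            findings.append((client, module, tail))
    return findings

if __name__ == "__main__":
    for client, module, tail in flag_requests(SAMPLE_LOG):
        print(f"{client} {module} {tail}")
```

Only the request line is inspected, so input submitted in a POST body does not appear in this review.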

II. Impact

A remote attacker may be able to execute arbitrary script commands in the context of a victim user. Secondary impacts include: theft of cookie information, session hijacking, and loss of data privacy between a client and the intended server.

III. Solution

Apply an update

Sun has addressed this vulnerability in the latest build of Sun Secure Global Desktop.

Systems Affected

Vendor                  Status      Date Notified  Date Updated
Sun Microsystems, Inc.  Vulnerable  31-Oct-2006

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102650-1
http://www.securityfocus.com/bid/20135
http://www.securityfocus.com/bid/20276
http://www.frsirt.com/english/advisories/2006/3739
http://securitytracker.com/id?1016900
http://secunia.com/advisories/22037
http://xforce.iss.net/xforce/xfdb/29070
http://xforce.iss.net/xforce/xfdb/29303

Credit

This issue was reported by Sun in document 102650. Sun thanks Marc Ruef of scip AG for reporting this issue.

This document was written by Katie Steiner.

Other Information

Date Public: 2006-09-21
Date First Published: 2006-12-13
Date Last Updated: 2006-12-20
CERT Advisory:
CVE-ID(s): CVE-2006-4958
NVD-ID(s): CVE-2006-4958
US-CERT Technical Alerts:
Metric: 13.50
Document Revision: 14

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Produced 2006 by US-CERT, a government organization