Title

Unauthorized users have access to the Sun Ray administration tool. (Cat I impact)

Discussion

Unauthorized users accessing the Sun Ray administration tool could modify or disable the entire Sun Ray server or network. Unrestricted access may also give access to other operating system daemons and applications. Restricting access to only authorized users will ensure only approved users are able to access the Sun Ray administration tool.

Check Content

Request the documentation authorizing users to administer the Sun Ray Server. Compare this list with the list below. If there is a discrepancy, this is a finding. Open a terminal command line on the Solaris 10 server. Perform the following: # /opt/SUNWut/sbin/utadminuser If users listed here are not authorized to access the Sun Ray administration console, this is a finding.

Fix Text

Ensure only authorized users have access to the Sun Ray administration console.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16072

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.