:A vulnerability has been reported in Sun Ray Server Software, which can be exploited by malicious users to compromise a vulnerable system.The vulnerability is caused due to an unspecified error while running in Kiosk mode and can be exploited to execute arbitrary commands with root privileges.Successful exploitation requires Sun Ray Server Software administration privileges.The vulnerability is reported in version 4.0.Solution:Apply patches.– SPARC Platform –Sun Ray Server Software 4.0 for Solaris 10:Apply patch 128165-01 or later.– x86 Platform –Sun Ray Server Software 4.0 for Solaris 10:Apply patch 128166-01 or later.Sun Ray Server Software 4.0 for RHEL AS 4 and SLES 9:Apply patch 128167-01 or later.Provided and/or discovered by:Reported by the vendor.Original Advisory:http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1

Original post by manisha