CVE-2009-4295 Information

Description

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1 1g 100 and 150 DTU device which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

Reference

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-270549-1 http://www.securityfocus.com/bid/37285 http://www.vupen.com/english/advisories/2009/3477