Flaw in iPlanet Web server lets attackers run code



Mike Simons
Users have been warned of a new security vulnerability in the search feature of Sun Microsystems's iPlanet Web server, which can allow attackers to run programs remotely.

According to security firm Next Generation Security Software, the flaw affects the search facility in iPlanet Web server versions 4.1 and 6.0.

iPlanet's search feature is turned off by default, but if it is enabled, a buffer overflow in the "NS-rel-doc-name" parameter can be exploited to give an attacker control over the execution of that process, according to NGSSoftware.

This could give an attacker the ability to run any code with the same access rights as the administrator account. The result is that a potential attacker could gain unfettered access and the ability to take over the server.

The flaw, which NGSSoftware called high-risk, can be fixed by applying patches from Sun (wwws.sun.com/software/download/download/5261.html). A fix is also available as part of Service Pack 10.

Users of Sun ONE Web server 6.0 can download Service Pack 3 to fix the issue at wwws.sun.com/software/download/download/5262.html.