Flaw in iPlanet Web server lets attackers run code

Home
Topics
Enterprise software
Business applications
Flaw in iPlanet Web server lets attackers run code

News

Flaw in iPlanet Web server lets attackers run code

Mike Simons

Users have been warned of a new security vulnerability in the search feature of Sun Microsystems's iPlanet Web server which can allow attackers to run programs remotely.

According to security firm Next Generation Security Software, the flaw affects the search facility in iPlanet Web server versions 4.1 and 6.0

IPlanet's search feature is turned off by default, but if it is enabled, a buffer overflow in the "NS-rel-doc-name" parameter can be exploited to give an attacker control over the execution of that process, according to NGSSoftware.

This could give an attacker the ability to run any code with the same access rights as the administrator account. The result is that a potential attacker could gain unfettered access and the ability to take over the server.

The flaw, which NGSSoftware called high-risk, can be fixed by applying patches from Sun ( wwws.sun.com/software/download/download/5261.html). A fix is also available as part of Service Pack 10.

Users of Sun ONE Web server 6.0 can download Service Pack 3 to fix the issue at wwws.sun.com/software/download/download/5262.html.

Related Topics: Business applications, Web software, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

Show me more

COMMENTS powered by Disqus // Commenting policy

More from Related TechTarget Sites

CIO
Security UK
Networking UK
Virtual Data Centre
Data Management UK

CIO
- Download the latest Enterprise CIO Decisions issues
  
  Download the latest Enterprise CIO Decisions issues
- Innovation and agility start with application process optimization
  
  This tip discusses how to achieve the goals of business process reengineering, including application process optimization for innovation and agility.
- Agile development methodologies, transparency pay dividends for NYSE
  
  A chief digital officer's bullishness on agile development methodologies and transparency led to NYSE Euronext's Web success.
Security UK
- Prep and test your Olympics 2012 security contingency plans
  
  To maintain information security during the 2012 Olympics, security and IT contingency plans must be tested in several key areas.
- File upload security best practices: Block a malicious file upload
  
  Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks.
- MDM, security vendors scramble to address BYOD security issues
  
  Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
Networking UK
- Cisco Live London: 40 and 100 GbE, souped up WLAN
  
  At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.
- UK Networkers should gear up for mobility implementations in 2012
  
  Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.
- Cloud gets vote of confidence from UK buyers in 2012 IT priorities
  
  The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.
Virtual Data Centre
- Data centre design: Using engineered racks, pods and containers
  
  IT pros must adopt a new approach to data centre design and consider using engineered racks, pods and containerised systems for better scalability, capacity and efficiency.
- Microsoft volume licensing costs to increase up to 33.5%
  
  Microsoft will increase its volume licensing prices in the UK between 7.5% and 33.5% starting July 1 to maintain price consistency owing to the sustained currency difference in Europe.
- VMware vSphere 5 storage features: Part two
  
  VMware vSphere 5 storage features include Storage DRS, VSA and data store clusters. IT pros can learn what these features bring to their infrastructure and how best to use them.
DataManagement UK
- Organisational design for analytics function needs governance
  
  Scant are the absolute rules for the organizational design of the analytics function. It can be outsourced or in-house; sit within a business unit or run from the centre. But it needs governance.
- History lesson points way forward on data management projects
  
  Data management projects often suffer from historic amnesia. Projects that co-locate business and IT staff and keep to a manageable scale can achieve remarkable results, says consultant Andy Hayler.
- NEC Europe has yen for Host Analytics’ financial planning
  
  NEC Europe has signed up to use Host Analytics' cloud-based financial planning service to better integrate an acquisition and support its growth plans.

All Rights Reserved, Copyright 2000 - 2012, TechTarget