According to security firm Next Generation Security Software, the flaw affects the search facility in iPlanet Web server versions 4.1 and 6.0
IPlanet's search feature is turned off by default, but if it is enabled, a buffer overflow in the "NS-rel-doc-name" parameter can be exploited to give an attacker control over the execution of that process, according to NGSSoftware.
This could give an attacker the ability to run any code with the same access rights as the administrator account. The result is that a potential attacker could gain unfettered access and the ability to take over the server.
The flaw, which NGSSoftware called high-risk, can be fixed by applying patches from Sun ( wwws.sun.com/software/download/download/5261.html). A fix is also available as part of Service Pack 10.
Users of Sun ONE Web server 6.0 can download Service Pack 3 to fix the issue at wwws.sun.com/software/download/download/5262.html.