TechTarget

Flaw in iPlanet Web server lets attackers run code

Users have been warned of a new security vulnerability in the search feature of Sun Microsystems's iPlanet Web server which can...

Users have been warned of a new security vulnerability in the search feature of Sun Microsystems's iPlanet Web server which can allow attackers to run programs remotely.

According to security firm Next Generation Security Software, the flaw affects the search facility in iPlanet Web server versions 4.1 and 6.0

IPlanet's search feature is turned off by default, but if it is enabled, a buffer overflow in the "NS-rel-doc-name" parameter can be exploited to give an attacker control over the execution of that process, according to NGSSoftware.

This could give an attacker the ability to run any code with the same access rights as the administrator account. The result is that a potential attacker could gain unfettered access and the ability to take over the server.

The flaw, which NGSSoftware called high-risk, can be fixed by applying patches from Sun ( wwws.sun.com/software/download/download/5261.html). A fix is also available as part of Service Pack 10.

Users of Sun ONE Web server 6.0 can download Service Pack 3 to fix the issue at wwws.sun.com/software/download/download/5262.html.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close