Flaw in iPlanet Web server lets attackers run code

Mike Simons
Users have been warned of a new security vulnerability in the search feature of Sun Microsystems's iPlanet Web server which can allow attackers to run programs remotely.

According to security firm Next Generation Security Software, the flaw affects the search facility in iPlanet Web server versions 4.1 and 6.0.

iPlanet's search feature is turned off by default, but if it is enabled, a buffer overflow in the "NS-rel-doc-name" parameter can be exploited to give an attacker control over the execution of that process, according to NGSSoftware.

This could give an attacker the ability to run any code with the same access rights as the administrator account. The result is that a potential attacker could gain unfettered access and the ability to take over the server.

The flaw, which NGSSoftware called high-risk, can be fixed by applying patches from Sun (wwws.sun.com/software/download/download/5261.html). A fix is also available as part of Service Pack 10.

Users of Sun ONE Web server 6.0 can download Service Pack 3 to fix the issue at wwws.sun.com/software/download/download/5262.html.
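
For administrators checking whether the search facility was probed before patching, the following added example (not from the article, NGSSoftware or Sun) scans Common Log Format access-log lines for unusually long "NS-rel-doc-name" values. The `/search` path, the log lines and the 256-byte threshold are assumptions made for illustration; the article does not state the length that triggers the overflow.

```python
import re
from urllib.parse import parse_qsl

PARAM = "NS-rel-doc-name"   # parameter named in the advisory
MAX_LEN = 256               # assumed threshold; tune to the longest legitimate value seen

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def param_lengths(target):
    """Return the decoded byte length of every NS-rel-doc-name value in a request target."""
    query = target.partition("?")[2].partition("#")[0]
    # latin-1 maps each percent-decoded byte to one character, so len() counts bytes.
    pairs = parse_qsl(query, keep_blank_values=True, encoding="latin-1")
    # Compare names case-insensitively as a conservative choice.
    return [len(value) for name, value in pairs if name.lower() == PARAM.lower()]


def scan(lines, max_len=MAX_LEN):
    """Return (line_number, client, length) for each request carrying an oversized value."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for length in param_lengths(match.group("target")):
            if length > max_len:
                findings.append((number, line.split(" ", 1)[0], length))
    return findings


# Constructed sample log lines (documentation addresses, hypothetical /search path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /search?NS-rel-doc-name=/docs/index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2003:10:00:05 +0000] "GET /search?NS-rel-doc-name=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.78 - - [01/Jan/2003:10:00:09 +0000] "GET /search?ns-rel-doc-name=' + "%41" * 300 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [01/Jan/2003:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, client, length in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent {PARAM} of {length} bytes")
```

A value submitted in a POST body does not appear in the access log, so a clean result from this scan does not rule out an attempt.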