Buffer overflow in Sun Java System Web Proxy Server

Madrid, November 2, 2004 - Sun(*) has reported a buffer overflow vulnerability in Sun Java System Web Proxy Server 3.6, as well as releasing a Service Pack that fixes it.

This security problem can be classified as serious, as it could allow a remote user to cause the Web Proxy Server or the Web Proxy Server´s Admin Server to crash or to execute arbitrary code on the affected system. According to Sun, the server does not correctly handle CONNECT Request URIs and that the proxy administration server has various buffer management flaws. Sun Java System Web Proxy Server 3.6 Service Pack 4 and earlier are affected.

This vulnerability is corrected in Service Pack 5 (or later) for Sun Java System Web Proxy Server 3.6, which can be downloaded from: http://wwws.sun.com/software/download/products/4149bc42.html

(*) More information at: http://sunsolve.sun.com/search/document.do?assetey=1-26-57606-1

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the ´cut´ and ´paste´ options to join the pieces of the URL.

Oxygen3 24h-365d
by Panda Software

2004-11-03 09:37

Back

IT News: