Sun Alert 102927 Security Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server 4.0
By security on Sep 14, 2007
Two buffer overflows have been found in the SOCKS module of Sun Java System Web Proxy Server 4.0 which may allow a local or remote unprivileged user the ability to execute arbitrary code with the privileges of the SOCKS server or cause a Denial of Service (DoS) to the SOCKS server. The SOCKS server normally runs with root privileges.
One of the vulnerabilities (BugID 6537736) requires authentication before it can be exploited; however, the default configuration is for no authentication to be required to access the SOCKS server.
Sun acknowledges with thanks, iDefense (http://www.idefense.com), for bringing these issues to our attention.
These issues are also described in the following document: