Sun Alert 102927 Security Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server 4.0

Product: Sun Java System Web Proxy Server 4.0

Two buffer overflows have been found in the SOCKS module of Sun Java System Web Proxy Server 4.0. They may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the SOCKS server, or to cause a Denial of Service (DoS) to the SOCKS server. The SOCKS server normally runs with root privileges.

One of the vulnerabilities (BugID 6537736) requires authentication before it can be exploited; however, the default configuration is for no authentication to be required to access the SOCKS server.

Sun acknowledges, with thanks, iDefense (http://www.idefense.com) for bringing these issues to our attention.

These issues are also described in the following document:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536

Avoidance: Upgrade
State: Resolved
First released: 25-May-2007