X

The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102927 Security Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server 4.0

Guest Author
Product: Sun Java System Web Proxy Server 4.0

Two buffer overflows have been found in the SOCKS module of Sun Java System Web Proxy Server 4.0 which may allow a local or remote unprivileged user the ability to execute arbitrary code with the privileges of the SOCKS server or cause a Denial of Service (DoS) to the SOCKS server. The SOCKS server normally runs with root privileges.

One of the vulnerabilities (BugID 6537736) requires authentication before it can be exploited; however, the default configuration is for no authentication to be required to access the SOCKS server.

Sun acknowledges with thanks, iDefense (http://www.idefense.com), for bringing these issues to our attention.

These issues are also described in the following document:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536

Avoidance: Upgrade
State: Resolved
First released: 25-May-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.