Digital Edition

SYS-CON.TV
Sun Warns of Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server
Sun Warns of Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server

After Matt Moore of Pentest Limited, brought it to Sun's attention, the Santa Clara, CA-based computing giant has issued an official security alert regarding Sun Java System Web Proxy Server, on all platforms.

"Buffer overflow vulnerabilities in the Sun Java System Web Proxy Server may allow a remote unprivileged user to crash either the Web Proxy Server or the Admin Server (of the Web Proxy Server) or execute arbitrary code with the privileges of the respective server processes," says the alert, issued October 29, 2004.

"The recommended UIDs for the Web Proxy Server and Admin Server are 'nobody' and 'root' respectively, at installation time," the Sun Alert continues. "However, the administrator may have used different UIDs from the recommended ones during installation."

"There are no reliable symptoms that would indicate the described issues have been exploited to execute arbitrary code. The Web Proxy Server or Admin Server may crash if the buffer overflow vulnerabilities have been exploited."

There is no workaround, says Sun. But the issues are addressed in Sun Java System Web Proxy Server 3.6 Service Pack 5 or later.

Sun Java System Web Server releases are available for download at http://wwws.sun.com/software/download/products/4149bc42.html.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Isn't this Matt Moore the guy who found that vulnerability last year in DB2 Universal Data Base v7.2 for Windows? I know IBM cured it in a Fixpak - Moore knows his stuff.




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the U...
In an age of borderless networks, security for the cloud and security for the corporate network can ...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, ...
Blockchain has shifted from hype to reality across many industries including Financial Services, Sup...
Concerns about security, downtime and latency, budgets, and general unfamiliarity with cloud technol...
In very short order, the term "Blockchain" has lost an incredible amount of meaning. With too many j...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS...
Cloud Storage 2.0 has brought many innovations, including the availability of cloud storage services...
For enterprises to maintain business competitiveness in the digital economy, IT modernization is req...
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing...
Most modern computer languages embed a lot of metadata in their application. We show how this goldmi...
Moving to Azure is the path to digital transformation, but not every journey is effective. Organizat...
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cl...
On-premise or off, you have powerful tools available to maximize the value of your infrastructure an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with exp...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS...
DevOps has long focused on reinventing the SDLC (e.g. with CI/CD, ARA, pipeline automation etc.), wh...
Now is the time for a truly global DX event, to bring together the leading minds from the technology...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web...