Digital Edition

SYS-CON.TV
Sun Warns of Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server
Sun Warns of Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server

After Matt Moore of Pentest Limited, brought it to Sun's attention, the Santa Clara, CA-based computing giant has issued an official security alert regarding Sun Java System Web Proxy Server, on all platforms.

"Buffer overflow vulnerabilities in the Sun Java System Web Proxy Server may allow a remote unprivileged user to crash either the Web Proxy Server or the Admin Server (of the Web Proxy Server) or execute arbitrary code with the privileges of the respective server processes," says the alert, issued October 29, 2004.

"The recommended UIDs for the Web Proxy Server and Admin Server are 'nobody' and 'root' respectively, at installation time," the Sun Alert continues. "However, the administrator may have used different UIDs from the recommended ones during installation."

"There are no reliable symptoms that would indicate the described issues have been exploited to execute arbitrary code. The Web Proxy Server or Admin Server may crash if the buffer overflow vulnerabilities have been exploited."

There is no workaround, says Sun. But the issues are addressed in Sun Java System Web Proxy Server 3.6 Service Pack 5 or later.

Sun Java System Web Server releases are available for download at http://wwws.sun.com/software/download/products/4149bc42.html.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Isn't this Matt Moore the guy who found that vulnerability last year in DB2 Universal Data Base v7.2 for Windows? I know IBM cured it in a Fixpak - Moore knows his stuff.




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news an...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018,...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing w...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
"We host and fully manage cloud data services, whether we store, the data, move the data, or run ana...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | ...
Enterprise architects are increasingly adopting multi-cloud strategies as they seek to utilize exist...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As au...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud,...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 20...
Modern software design has fundamentally changed how we manage applications, causing many to turn to...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost...