Digital Edition

SYS-CON.TV
Sun Warns of Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server
Sun Warns of Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server

After Matt Moore of Pentest Limited, brought it to Sun's attention, the Santa Clara, CA-based computing giant has issued an official security alert regarding Sun Java System Web Proxy Server, on all platforms.

"Buffer overflow vulnerabilities in the Sun Java System Web Proxy Server may allow a remote unprivileged user to crash either the Web Proxy Server or the Admin Server (of the Web Proxy Server) or execute arbitrary code with the privileges of the respective server processes," says the alert, issued October 29, 2004.

"The recommended UIDs for the Web Proxy Server and Admin Server are 'nobody' and 'root' respectively, at installation time," the Sun Alert continues. "However, the administrator may have used different UIDs from the recommended ones during installation."

"There are no reliable symptoms that would indicate the described issues have been exploited to execute arbitrary code. The Web Proxy Server or Admin Server may crash if the buffer overflow vulnerabilities have been exploited."

There is no workaround, says Sun. But the issues are addressed in Sun Java System Web Proxy Server 3.6 Service Pack 5 or later.

Sun Java System Web Server releases are available for download at http://wwws.sun.com/software/download/products/4149bc42.html.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Isn't this Matt Moore the guy who found that vulnerability last year in DB2 Universal Data Base v7.2 for Windows? I know IBM cured it in a Fixpak - Moore knows his stuff.




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
Dynatrace is an application performance management software company with products for the informatio...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...