Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise

[kjarvis () ISS NET (Keith R. Jarvis)]

> > Affected Versions:
> >
> > This vulnerability affects all supported platforms of Enterprise and
> > FastTrack web servers. Enterprise 3.5.1 through 3.6sp2 and FastTrack 3.01
> > were found to be vulnerable. Earlier versions may be vulnerable but were not
> > tested by ISS X-Force.
>
> Does anyone know if this problem is fixed in 3.6sp3?  The release notes for
> sp3 include the following fixes:
>
>          359884.   Buffer overflow on large requests causes Security problems.
>          363755.   Buffer overflow in the HTTP Basic authentication.
>
> That second one certainly sounds very similar, but does anyone know for sure?

> From the Recommendations section of the advisory:

"Affected users should upgrade their systems immediately. This vulnerability
affects systems running  Administration Server with password protected areas
that rely on Basic Authentication. If you run any of the affected servers on
any platform, upgrade to iPlanet Web Server 4.0sp2 at:
http://www.iplanet.com/downloads/testdrive/detail_161_243.html. Netscape has
stated that FastTrack will not be patched. Although Netscape released
service pack 3 for Enterprise Server 3.6 that fixes the vulnerability in the
web server, the Administration Server remains vulnerable. If you are unable
to upgrade, ISS X-Force recommends that you block the Administration Server
port at the firewall to prevent outside attacks."

So the actual NES server was fixed in 3.6SP3 however the Admin server in that
version still suffers from the overflow.

- --krj

--
Keith R. Jarvis (kjarvis () iss net)             http://xforce.iss.net
Internet Security Systems, Inc.               +1-678-443-6149 (direct)
Adaptive Network Security for the Enterprise  +1-678-443-6479 (fax)