iPlanet Web Server Vulnerable to Attackers

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article2/0,3959,365009,00.asp

July 9, 2002 
By Dennis Fisher 

There is a buffer overrun vulnerability in the iPlanet Web server that
gives a remote attacker the ability to run arbitrary code on
vulnerable machines.

The new vulnerability comes less than a month after the discovery of a
major flaw in the Apache Web server, the most popular server on the
Internet.

The iPlanet flaw is in the software's search function, which is
disabled by default. But, if the function is enabled, an attacker who
sends an overly long value for the "NS-rel-doc-name" parameter could
overwrite a return address on the memory stack.

The attacker would then have control over that process' execution, and
any code he supplies will run in the security context of the account
running the Web server, according to a bulletin published Tuesday by
Next Generation Security Software Ltd. On machines running Windows NT
or 2000, such code would run with the privileges of the local system
account.

Versions 4.1 and 6.0 of iPlanet are vulnerable, NGSS said. Sun
Microsystems Inc., which owns iPlanet, has included fixes for the
problem in service packs, available at sun.com.

Last month, security researchers at several firms discovered a flaw in
the way that Apache's HTTP server handles certain "chunked encoding"  
requests. Exploitation of the vulnerability could give an attacker
complete control of the Web server.

 

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.