| Title: | Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server |
| Announcement date: | 29th October 2004 |
| Advisory Reference: | ptl-2004-06 |
| Products: | Sun Java System Web Proxy Server |
| Vulnerability Type: | Remote Code Execution / Elevation of Privileges |
| Vendor-URL: | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security |
| Vendor-Status: | Upgrade Required |
| Remotely Exploitable: | Yes |
| Locally Exploitable: | Yes |
| Advisory URL: | http://www.pentest.co.uk |
Numerous buffer overflow vulnerabilities were discovered in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) that could allow an unprivileged remote user to crash either the Web Proxy Server or the Admin Server (of the Web Proxy Server). It may also be possible to execute arbitrary code with the privileges of the respective server processes.
Sun Java System Web Proxy Server 3.6 Service Pack 4 or earlier is affected.
Customers can install the latest version of Sun Java System Web Proxy Server (Service Pack 5) from: http://wwws.sun.com/software/download/products/4149bc42.html