Pentest Security Advisory : PTL-2004-06
Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server

Advisory Details

Title: Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server
Announcement date: 29th October 2004
Advisory Reference: ptl-2004-06
Products: Sun Java System Web Proxy Server
Vulnerability Type: Remote Code Execution / Elevation of Privileges
Vendor-URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security
Vendor-Status: Upgrade Required
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk

Vulnerability Description

Numerous buffer overflow vulnerabilities were discovered in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) that could allow an unprivileged remote user to crash either the Web Proxy Server or the Admin Server (of the Web Proxy Server). It may also be possible to execute arbitrary code with the privileges of the respective server processes.

Vulnerable Versions

Sun Java System Web Proxy Server 3.6 Service Pack 4 and earlier versions are affected.

Fix / Workarounds

Customers can install the latest version of Sun Java System Web Proxy Server (Service Pack 5) from: http://wwws.sun.com/software/download/products/4149bc42.html
