
[Sun] Buffer Overflow in Sun Java System Web Proxy - Sun Alert ID #57763



Dear colleagues,

we have just received the following bulletin from the SUN Customer Warning
System. We are passing this information on to you unchanged.

Vulnerability in the Sun Java System Web Proxy Server

  A remote attacker can trigger a flaw in the Sun Java System Web
  Proxy Server (formerly named Sun ONE ProxyServer) and execute
  arbitrary code with the privileges of the server.

  In the default installation, the Sun Java System Web Proxy
  Server runs with the privileges of the user "nobody".


The following software packages and platforms are affected:

  Sun Java System Web Proxy Server 3.6 Service Pack 6 and earlier on

  Sun Solaris 9, 8, and 2.6 (SPARC)
  Trusted Solaris 8 (SPARC)
  Hewlett-Packard HP-UX 11.0
  IBM AIX 4.3.3
  Windows NT 4 Service Pack 6
  Windows 2000 Server Service Pack 1
  Windows 2000 Advanced Server

The vendor provides revised packages.

(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in excerpts, is permitted only with attribution
to the originator, DFN-CERT Services GmbH, and only for non-commercial
purposes.

Kind regards,

	Marco Thorbruegge, DFN-CERT

- -- 
Marco Thorbruegge (CSIRT), DFN-CERT Services GmbH
Web: https://www.dfn-cert.de/, Phone: +49-40-808077-555
PGP RSA/2048, AE662425, 7E5C A77A F91D 63D1 02AB 9526 53FF F1A0

   Document Audience: PUBLIC
   Document ID: 57763
   Title: Buffer Overflow Vulnerabilities in Sun Java System Web Proxy
   Server
   Update Date: 2005-04-19
     _________________________________________________________________
   
   Description
   
   Sun(sm) Alert Notification 
     * Sun Alert ID: 57763
     * Synopsis: Buffer Overflow Vulnerabilities in Sun Java System Web
       Proxy Server
     * Category: Security
     * Product: Sun Java System Web Proxy Server 3.6 Service Pack 6
     * BugIDs: 5109863
     * Avoidance: Upgrade
     * State: Resolved
     * Date Released: 19-Apr-2005
     * Date Closed: 19-Apr-2005
     * Date Modified:
       
   1. Impact

   A buffer overflow vulnerability in the Sun Java System Web Proxy
   Server (Formerly Sun ONE Proxy Server) may allow a remote
   unprivileged user to execute arbitrary code on the system running the
   Web Proxy Server with the privileges of the server process.
   
   Note: The default UID for the Web Proxy Server is "nobody"; however,
   the administrator may have used a different UID from the default
   during installation or configuration.
   
   2. Contributing Factors

   This issue can occur in the following releases for all platforms:
   
     * Sun Java System Web Proxy Server 3.6 Service Pack 6 and earlier
       
   Note: For supported architectures and OS versions see
   http://www.sun.com/software/products/web_proxy/home_web_proxy.xml
   
   3. Symptoms

   The Web Proxy Server may crash if the described buffer overflow
   vulnerabilities have been exploited.
   
   Solution Summary
   
   4. Relief/Workaround

   There is no workaround. Please see the "Resolution" section below.
   
   5. Resolution

   This issue is addressed in the following release:
   
     * Sun Java System Web Proxy Server 3.6 Service Pack 7 and later
       
   which can be downloaded at http://www.sun.com/download/index.jsp under
   the "Web and Proxy Servers" selection.
   
   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.
   
   Copyright 2000-2005 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved.

