Note: This is an archival copy of Security Sun Alert 201623 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001216.1.
Date of Resolved Release
A buffer overflow vulnerability in the Sun ONE/iPlanet Web Server and Sun ONE Application Server may be exploited by an unprivileged remote user to crash the web server, which is a type of Denial of Service (DoS) attack.
This issue can occur in the following releases for HP-UX, AIX, Linux and Windows:
Note: This issue does not occur on the Sun Solaris Platform.
If this vulnerability is successfully exploited, the web server will crash and dump a core file. The system may log messages similar to the following in the "<SERVER_ROOT>/SERVER_INSTANCE/logs/error" file:
catastrophe (22106): Server crash detected (signal SIGSEGV)
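A check for the crash record quoted above, as an added example that is not part of the original Sun Alert: it scans error-log lines for the "catastrophe ... Server crash detected" message and tallies crashes by signal. The optional leading "[timestamp]" field, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the crash record quoted in the advisory. The optional leading
# "[timestamp]" is an assumption about the error-log layout; the advisory
# shows only the part from "catastrophe" onward.
CRASH_RE = re.compile(
    r"^(?:\[(?P<ts>[^\]]+)\]\s+)?catastrophe\s+\((?P<pid>\d+)\):\s+"
    r"Server crash detected \(signal (?P<signal>SIG[A-Z0-9]+)\)"
)

def find_crashes(lines):
    """Return one dict per crash record: line number, timestamp, pid, signal."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = CRASH_RE.match(line.strip())
        if m:
            hits.append({
                "line": lineno,
                "ts": m.group("ts"),          # None when no timestamp prefix
                "pid": int(m.group("pid")),
                "signal": m.group("signal"),
            })
    return hits

def summarize(hits):
    """Count crashes per signal so repeated SIGSEGV crashes stand out."""
    return Counter(h["signal"] for h in hits)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
[05/Mar/2004:10:11:12] info (22106): successful server startup
[05/Mar/2004:10:14:40] catastrophe (22106): Server crash detected (signal SIGSEGV)
[05/Mar/2004:10:14:41] info (22190): successful server startup
catastrophe (22190): Server crash detected (signal SIGSEGV)
[05/Mar/2004:10:20:02] warning (22301): unrelated message
""".splitlines()

if __name__ == "__main__":
    crashes = find_crashes(SAMPLE_LOG)
    for c in crashes:
        print(f"line {c['line']}: pid {c['pid']} {c['signal']} at {c['ts']}")
    print(dict(summarize(crashes)))
```

A match shows that the server crashed, not why; correlate the crash times with the access log and the core file before attributing them to this issue.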
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following release:
Note: In future releases, Sun ONE/iPlanet Web Server is named Sun Java System Web Server, and Sun ONE Application Server is named Sun Java System Application Server.
The above releases/upgrades are available at:
Sun ONE/iPlanet Web Server 4.1 at http://wwws.sun.com/software/download/products/4000473e.html.
Sun ONE/iPlanet Web Server 6.0 at http://wwws.sun.com/software/download/products/3f186391.html.
Sun Java System Application Server 7, Standard Edition Update 3 at http://wwws.sun.com/software/download/products/4043c7cc.html.
Sun Java System Application Server 7, Platform Edition Update 3 at http://wwws.sun.com/software/download/products/4043c7b5.html.
Note: Service Pack 14 is the final release for Web Server 4.1.
Sun ONE Application Server 7, Standard Edition