Note: This is an archival copy of Security Sun Alert 201648 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001227.1.
Date of Resolved Release
A buffer overflow vulnerability in the Sun Java System Web Proxy Server (Formerly Sun ONE Proxy Server) may allow a remote unprivileged user to execute arbitrary code on the system running the Web Proxy Server with the privileges of the server process.
Note: The default UID for the Web Proxy Server is "nobody", however, the administrator may have used a different UID from the default during installation or configuration.
This issue can occur in the following releases for all platforms:
Note: For supported architectures and OS versions see http://www.sun.com/software/products/web_proxy/home_web_proxy.xml
The Web Proxy Server may crash if the described buffer overflow vulnerabilities have been exploited.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following release:
which can be downloaded at http://www.sun.com/download/index.jsp under the "Web and Proxy Servers" selection.
Sun Java System Web Proxy Server 3.6
This solution has no attachment