Note: This is an archival copy of Security Sun Alert 242986 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1019652.1.
Sun Java System Web Proxy Server 4.0
Date of Resolved Release
A Security vulnerability in the FTP subsytem of Sun Java System Web Proxy Server 4.0:
A Security vulnerability in the FTP subsytem of Sun Java System Web Proxy Server 4.0 may allow a local or remote unprivileged user to execute arbitrary code.
Sun acknowledges, with thanks, iDefense for bringing this issue to our attention.
2. Contributing Factors
This issue can occur in the following releases:
$ <ps_install>/bin/proxy/bin/proxyd -v(Where <ps_install> is the installation directory of the Proxy Server).
There are no predictable symptoms to indicate that this issue has been exploited to execute arbitrary code.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment