Note: This is an archival copy of Security Sun Alert 201623 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001216.1.
Category: Security
Release Phase: Resolved
4823974
Date of Resolved Release: 09-JAN-2004

Impact

A buffer overflow vulnerability in the Sun ONE/iPlanet Web Server and Sun ONE Application Server may be exploited by an unprivileged remote user to crash the web server, which is a type of Denial of Service (DoS) attack.

Contributing Factors

This issue can occur in the following releases for HP-UX, AIX, Linux and Windows:
Note: This issue does not occur on the Sun Solaris Platform.

Symptoms

If this vulnerability is successfully exploited, the web server will crash and dump a core file. The system may log messages similar to the following in the "<SERVER_ROOT>/SERVER_INSTANCE/logs/error" file:

    catastrophe (22106): Server crash detected (signal SIGSEGV)

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following release:
Note: Sun ONE/iPlanet Web Server in future releases is now Sun Java System Web Server. Sun ONE Application Server in future releases is now Sun Java System Application Server.

The above releases/upgrades are available at:

    SunONE/iPlanet Web Server 4.1 at http://wwws.sun.com/software/download/products/4000473e.html
    SunONE/iPlanet Web Server 6.0 at http://wwws.sun.com/software/download/products/3f186391.html
    Sun Java System Application Server 7, Standard Edition Update 3 at http://wwws.sun.com/software/download/products/4043c7cc.html
    Sun Java System Application Server 7, Platform Edition Update 3 at http://wwws.sun.com/software/download/products/4043c7b5.html

Note: Service Pack 14 is the final release for Web Server 4.1.

Modification History

Date: 24-FEB-2004
Product: Sun ONE Application Server 7, Standard Edition
Attachments: This solution has no attachment