Note: This is an archival copy of Security Sun Alert 201648 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001227.1.
Article ID : 1001227.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Buffer Overflow Vulnerabilities in Sun Java System Web Proxy Server 3.6



Category
Security

Release Phase
Resolved

Bug Id
5109863

Date of Resolved Release
19-APR-2005

Impact

A buffer overflow vulnerability in the Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) may allow a remote unprivileged user to execute arbitrary code, with the privileges of the server process, on the system running the Web Proxy Server.

Note: The default UID for the Web Proxy Server is "nobody"; however, the administrator may have chosen a different UID during installation or configuration.


Contributing Factors

This issue can occur in the following releases for all platforms:

  • Sun Java System Web Proxy Server 3.6 Service Pack 6 and earlier

Note: For supported architectures and OS versions see http://www.sun.com/software/products/web_proxy/home_web_proxy.xml


Symptoms

The Web Proxy Server may crash if the described buffer overflow vulnerabilities have been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following release:

  • Sun Java System Web Proxy Server 3.6 Service Pack 7 and later

which can be downloaded at http://www.sun.com/download/index.jsp under the "Web and Proxy Servers" selection.



Modification History

Product
Sun Java System Web Proxy Server 3.6

Attachments
This solution has no attachment