has issued service packs to fix bugs in
the search function of its iPlanet Web server.
The buffer overrun vulnerabilities, detected by Next Generation Security
Software (NGSS), affect versions 4.1 and 6.0 of iPlanet. The flaw could
allow a remote attacker to run arbitrary code if the search function within
the server is enabled. It is described as a high-risk bug.
By default, the vulnerable search function is turned off but, if enabled,
NGSS found that the iPlanet server is vulnerable to a remotely exploitable
Supplying an overly long value for the ‘NS-rel-doc-name’ parameter overwrites
a saved return address on the stack, giving control over the
vulnerable process’ execution. Any code supplied will run in the security
context of the account running the web server.
On Windows NT/2000, for example, this account is the local SYSTEM account,
by default, so any code will run uninhibited, NGSS warned.
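The class of bug described above comes from copying a request parameter into a fixed-size stack buffer without checking its length. The following C sketch is an added example, not iPlanet's code: the function name `get_param`, the 128-byte limit and the sample query strings are assumptions, and it shows a handler rejecting an oversized ‘NS-rel-doc-name’ value instead of copying it.

```c
#include <stdio.h>
#include <string.h>

#define DOC_NAME_MAX 128   /* assumed limit for this sketch */

/* Unsafe pattern, for contrast: a fixed stack buffer filled with no length
 * check, so a long value runs past buf and over the saved return address.
 *
 *     char buf[DOC_NAME_MAX];
 *     strcpy(buf, value);
 */

/* Find `name` in a query string such as "a=1&b=2" and copy its value to out.
 * Returns 0 on success, -1 if the parameter is absent, -2 if it will not fit. */
int get_param(const char *query, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = query;

    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t seglen = end ? (size_t)(end - p) : strlen(p);

        if (seglen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = seglen - nlen - 1;
            if (vlen >= outsz)
                return -2;              /* reject; never copy or truncate */
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    char doc[DOC_NAME_MAX];
    char big[600] = "NS-rel-doc-name=";      /* constructed oversized request */
    memset(big + strlen(big), 'A', 500);

    printf("normal:    %d\n", get_param("q=test&NS-rel-doc-name=index.html",
                                        "NS-rel-doc-name", doc, sizeof doc));
    printf("oversized: %d\n", get_param(big, "NS-rel-doc-name", doc, sizeof doc));
    return 0;
}
```
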
Service packs have been issued at Sun’s Web
site. Users of iPlanet Web Server 6 should install Service Pack 3 and
4.1 users should install Service Pack 10.
The iPlanet Web server bug comes on the heels of a chunk handling
vulnerability in versions of the open-source Apache Web server that
could cause denial-of-service attacks or allow an attacker to take remote
control of a server.
The detection of that bug, which affects Web servers based on Apache code
versions 1.3 through 1.3.24 and versions 2.0 through 2.0.36, has created bad
blood in the software security space, with Apache officials upset that they
were not notified before ISS issued its advisory and patch. “We
were also notified today by ISS that they had published the same issue which
has forced the early release of this advisory,” the Foundation said.
Security experts have spent the last few weeks attempting to decode a worm
that has been discovered
exploiting the Apache flaw.