Security Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server 4.0



Category: Security
Release Phase: Resolved
Product: Sun Java System Web Proxy Server 4.0
Bug Id: 6537736, 6537745
Date of Resolved Release: 25-MAY-2007


Impact

Two buffer overflows have been found in the SOCKS module of Sun Java System Web Proxy Server 4.0. They may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the SOCKS server, or to cause a Denial of Service (DoS) to the SOCKS server. The SOCKS server normally runs with root privileges.

One of the vulnerabilities (BugID 6537736) requires authentication before it can be exploited; however, the default configuration is for no authentication to be required to access the SOCKS server.

Sun acknowledges, with thanks, iDefense (http://www.idefense.com) for bringing these issues to our attention.

These issues are also described in the following document:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536


Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Sun Java System Web Proxy Server 4.0 without Service Pack 5
  • Sun Java System Web Proxy Server 4.0 without patch 120981-12

x86 Platform

  • Sun Java System Web Proxy Server 4.0 without Service Pack 5
  • Sun Java System Web Proxy Server 4.0 without patch 120982-12

Linux

  • Sun Java System Web Proxy Server 4.0 without Service Pack 5
  • Sun Java System Web Proxy Server 4.0 without patch 120983-12

HP-UX

  • Sun Java System Web Proxy Server 4.0 without Service Pack 5
  • Sun Java System Web Proxy Server 4.0 without patch 123532-02

Windows

  • Sun Java System Web Proxy Server 4.0 without Service Pack 5
  • Sun Java System Web Proxy Server 4.0 without patch 126325-02

To determine the version of Sun Java System Proxy Server on a system, the following command can be run:

    $ <ps_install>/bin/ns-proxy -v
    Sun ONE Web Proxy Server 3.6-SP9 B2006.191.1801 SP9

(Where <ps_install> is the installation directory of the Proxy Server).


Symptoms

There are no predictable symptoms that would indicate the described issues have been exploited.


Workaround

To prevent these issues until an upgrade or patches can be applied, the SOCKS proxy server should be disabled if it is not being utilized. This can be accomplished by shutting down the SOCKS server using the 'stop-sockd' script under the Proxy Server instance directory.


Resolution

These issues are addressed in the following releases:

SPARC Platform

  • Sun Java System Web Proxy Server 4.0 with Service Pack 5 or later
  • Sun Java System Web Proxy Server 4.0 with patch 120981-12 or later

x86 Platform

  • Sun Java System Web Proxy Server 4.0 with Service Pack 5 or later
  • Sun Java System Web Proxy Server 4.0 with patch 120982-12 or later

Linux

  • Sun Java System Web Proxy Server 4.0 with Service Pack 5 or later
  • Sun Java System Web Proxy Server 4.0 with patch 120983-12 or later

HP-UX

  • Sun Java System Web Proxy Server 4.0 with Service Pack 5 or later
  • Sun Java System Web Proxy Server 4.0 with patch 123532-02 or later

Windows

  • Sun Java System Web Proxy Server 4.0 with Service Pack 5 or later
  • Sun Java System Web Proxy Server 4.0 with patch 126325-02 or later

Sun Java System Web Proxy Server 4.0 Service Pack 5 is available for download at http://www.sun.com/download/products.xml?id=4648dc96
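
An added example (not part of Sun's alert): a POSIX shell check that reads a patch listing on stdin and reports whether the fixed patch revision listed above is present for a given platform. The platform keywords, function names and sample listing are assumptions made for illustration; a Service Pack 5 installation that registers no patch ID is reported as not-found and has to be confirmed with the version command instead.

```shell
#!/bin/sh
# Minimum fixed patch per platform, from the Resolution section of this alert.
min_patch_for() {
    case "$1" in
        sparc)   echo 120981-12 ;;
        x86)     echo 120982-12 ;;
        linux)   echo 120983-12 ;;
        hpux)    echo 123532-02 ;;
        windows) echo 126325-02 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample listing, shaped like Solaris `showrev -p` output.
# Package names and the unrelated patch IDs are placeholders.
sample_listing() {
    cat <<'EOF'
Patch: 999001-01 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkga
Patch: 120981-09 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkgb
Patch: 1120981-15 Obsoletes: Requires: Incompatibles: Packages: EXAMPLEpkgc
EOF
}

# socks_patch_status PLATFORM   (patch listing text on stdin)
# Prints "fixed ID", "vulnerable ID" or "not-found"; returns 0 only when fixed.
socks_patch_status() {
    min=$(min_patch_for "$1") || { echo "unknown-platform"; return 2; }
    base=${min%-*}; need=${min#*-}
    # Split input into digit/hyphen tokens, keep exact BASE-REV matches
    # (so 1120981-15 is ignored), and take the highest installed revision.
    best=$(tr -cs '0-9-' '\n' | grep "^${base}-[0-9][0-9]*\$" |
           sed "s/^${base}-//" | sort -n | tail -n 1)
    if [ -z "$best" ]; then
        echo "not-found"; return 1
    elif [ "$best" -ge "$need" ]; then
        echo "fixed ${base}-${best}"; return 0
    else
        echo "vulnerable ${base}-${best}"; return 1
    fi
}

sample_listing | socks_patch_status sparc || :       # vulnerable 120981-09
echo "Patch: 120981-13" | socks_patch_status sparc   # fixed 120981-13
```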




Modification History


Date: 26-JUL-2007
  • Updated Contributing Factors and Resolution sections

Date: 10-SEP-2007
  • Updated Contributing Factors and Resolution sections

Date: 14-SEP-2007
  • Updated Contributing Factors and Resolution sections



Attachments
This solution has no attachment

 
 

Article Details
Article ID : 201553
Article Type : Sun Alert
Last reviewed : 2007-09-14
Audience : PUBLIC