Hole in Sun ONE
A potentially serious vulnerability in Sun ONE Application Server creates a mechanism for crackers to run malicious code on Web servers.
A flaw in the NSAPI Connector Module, which connects a Sun ONE Application Server to Sun ONE Web Server (formerly iPlanet Enterprise Server), leaves the door open to stack buffer overflow attacks, security firm @stake warned last week.
In common with buffer overflow attacks, the flaw creates a way for crackers to create a malformed request that crashes a server and overwrite sensitive locations in memory with arbitrary code, where it might subsequently be executed.
Even though this exploit is yet to be coded up in a script-kiddie friendly exploit, sysadmins are urged to guard against the flaw.
The issue affects Sun ONE Application Server version 6.5 and earlier.
Sun ONE Application Server 6.5 SP1, available here, fixes the problem for users running the latest version of the software.
A fix for version 6.0 is not currently available. However @stake suggests a workaround designed to to verify the lengths of HTTP requests, as well as other mitigation strategies (explained in more detail in its advisory here). ®