   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2007-67
Sun Java System Web Proxy Server SOCKS Module Buffer Overflow Vulnerabilities

Original Issue Date: June 01, 2007

Severity Rating: High


Systems Affected

  • Sun Java System Web Proxy Server version 4.0.4 and prior

Overview

Two buffer overflow vulnerabilities have been found in the SOCKS module of Sun Java System Web Proxy Server 4.0.

Description

Two buffer overflow vulnerabilities have been reported in Sun Java System Web Proxy Server 4.0, due to errors in the SOCKS module.
A remote attacker who successfully exploits these vulnerabilities could execute arbitrary code with "root" privileges.

Solution

Upgrade to Sun Java System Web Proxy Server version 4.0.5
http://www.sun.com/download/products.xml?id=4648dc96

Vendor Information

SUN
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102927-1

References

FrSIRT
http://www.frsirt.com/english/advisories/2007/1957

iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536

SUN
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1


Secunia
http://secunia.com/advisories/25405/

Security Lab
http://en.securitylab.ru/notification/296780.php

CVE Name
CVE-2007-2881

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003