[ISN] Security firm finds a hole in Sun One

From: InfoSec News (isnat_private)
Date: Mon Mar 17 2003 - 03:14:45 PST

  • Next message: InfoSec News: "[ISN] Terror Alert Status Raised to Orange"

    http://www.nwfusion.com/news/2003/0314securfirm.html
    
    By David Legard
    IDG News Service
    03/14/03
    
    Security specialist @Stake says that a module that ships with Sun's
    Sun One Application Server has a flaw which could be exploited by
    outside attackers and which could give them control of the running Web
    server.
    
    The flaw is in the Connector Module, a Netscape Server Application
    Programming Interface (NSAPI) plug-in that integrates the Sun One Web
    Server with the Application Server.
    
    An overly long URI in an incoming HTTP request handled by the module
    could cause a stack buffer overflow, @Stake said in an advisory
    Thursday.
    
    The flaw affects Sun One Application Server 6.0 and Sun One
    Application Server 6.5. A patch is available for Version 6.5.
    
    No patch is available for Version 6.0, according to @Stake, but there
    are a number of workarounds.
    
    These include:
    
    * Writing an NSAPI module to inspect the length of HTTP request URIs.
    
    * Terminating the Secure Sockets Layer (SSL) session on a device
      before the Sun ONE Web server and installing an Intrusion Detection
      System sensor to monitor the clear-text traffic.
    
    * Terminating the SSL session on a reverse proxy that performs data
      validation on all HTTP request headers.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Mar 17 2003 - 06:34:33 PST