In association with heise online

29 May 2007, 09:56

Code injection via Sun's Java System Web Proxy

Sun's Java System Web Proxy, a collection of server applications, contains vulnerabilities which allow injection of malicious code. The collection includes a SOCKS server, in which crafted responses during protocol negotiation can cause buffer overflows, some of which might cause the service to crash. Because a watchdog process restarts the sockd service if it fails, attackers with access to the service can make repeated attempts to exploit the vulnerability. A valid user account is not required.

The vulnerability affects sockd in versions 4.0.4 and earlier for all platforms (Linux, Windows, HP-UX and AIX on SPARC and x86). If the SOCKS server is not required, it can simply be deactivated. Otherwise, access to the service should be restricted by means of firewall rules. In addition, Sun has released an updated version (4.0.5) of the software, in which the bug is no longer present.
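The article does not say which field in the SOCKS negotiation sockd mishandles, so the following is an added, generic illustration of the bug class rather than Sun's code or the actual defect: a SOCKS5 client greeting (RFC 1928: VER, NMETHODS, then NMETHODS method bytes) parsed the way a server should do it, checking the peer-supplied length against the bytes actually received before using it as a copy length. The receive buffer contents, method choice and status codes are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes for parsing a SOCKS5 client greeting (RFC 1928 section 3):
 *   | VER (1) | NMETHODS (1) | METHODS (1 to 255) |
 * NMETHODS is chosen by the peer, so it must be validated against the number
 * of bytes really present before it is used as a length. A parser that copies
 * NMETHODS bytes into a small fixed buffer without that check is the classic
 * negotiation-time overflow; this parser is the hardened form. */
enum greeting_status {
    GREETING_OK = 0,
    GREETING_NEED_MORE,    /* fewer bytes received than the header claims */
    GREETING_BAD_VERSION,  /* VER != 0x05 */
    GREETING_NO_METHODS    /* NMETHODS == 0 is not a valid greeting */
};

struct greeting {
    uint8_t nmethods;
    uint8_t methods[255];  /* sized for the field's full range, so no input can exceed it */
};

enum greeting_status parse_greeting(const uint8_t *buf, size_t len,
                                    struct greeting *out, size_t *consumed)
{
    *consumed = 0;
    if (len < 2)
        return GREETING_NEED_MORE;
    if (buf[0] != 0x05)
        return GREETING_BAD_VERSION;
    uint8_t nmethods = buf[1];
    if (nmethods == 0)
        return GREETING_NO_METHODS;
    /* The check an overflowing parser omits: only trust NMETHODS when that
       many bytes have actually arrived. */
    if (len < (size_t)2 + nmethods)
        return GREETING_NEED_MORE;
    out->nmethods = nmethods;
    memcpy(out->methods, buf + 2, nmethods);  /* nmethods <= 255 == sizeof out->methods */
    *consumed = 2 + nmethods;
    return GREETING_OK;
}

/* Method selection for this illustrative server: accept only NO AUTHENTICATION
   (0x00); 0xFF tells the client that no offered method is acceptable. */
uint8_t select_method(const struct greeting *g)
{
    for (size_t i = 0; i < g->nmethods; i++)
        if (g->methods[i] == 0x00)
            return 0x00;
    return 0xFF;
}

/* Constructed inputs exercising the parser (not captured traffic). */
int demo_valid_greeting(void)
{
    static const uint8_t pkt[] = { 0x05, 0x02, 0x00, 0x02 };  /* offers no-auth and user/pass */
    struct greeting g; size_t used;
    if (parse_greeting(pkt, sizeof pkt, &g, &used) != GREETING_OK || used != 4)
        return -1;
    return select_method(&g);
}

int demo_no_acceptable_method(void)
{
    static const uint8_t pkt[] = { 0x05, 0x01, 0x02 };  /* offers only user/pass */
    struct greeting g; size_t used;
    if (parse_greeting(pkt, sizeof pkt, &g, &used) != GREETING_OK)
        return -1;
    return select_method(&g);
}

int demo_truncated_greeting(void)
{
    /* Header claims 5 methods but only 2 bytes follow: a parser that trusted
       NMETHODS would read or copy past the received data. */
    static const uint8_t pkt[] = { 0x05, 0x05, 0x00, 0x02 };
    struct greeting g; size_t used;
    return parse_greeting(pkt, sizeof pkt, &g, &used);
}

int demo_wrong_version(void)
{
    static const uint8_t pkt[] = { 0x04, 0x01, 0x00 };  /* first byte is not SOCKS5 */
    struct greeting g; size_t used;
    return parse_greeting(pkt, sizeof pkt, &g, &used);
}

int main(void)
{
    printf("valid greeting: selected method 0x%02x\n", demo_valid_greeting());
    printf("no acceptable method: 0x%02x\n", demo_no_acceptable_method());
    printf("truncated greeting: status %d\n", demo_truncated_greeting());
    printf("wrong version: status %d\n", demo_wrong_version());
    return 0;
}
```

The GREETING_NEED_MORE result is deliberately distinct from an error: a server reading from a stream socket may legitimately have received only part of the greeting, and should wait for more bytes (or time out) rather than either rejecting the connection or processing the header's length as if the data were already there.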
