This update addresses two vulnerabilities in the SOCKS module of Sun Java System Web Proxy Server 4.0 on all platforms (SPARC, x86, Linux, Windows, HP-UX, AIX). Two buffer overflows could allow an attacker to cause a denial of service or execute arbitrary code with the permissions of the SOCKS server. For reference, the SOCKS server is usually run as root. To resolve the issue, upgrade to Sun Java System Web Proxy Server 4.0.5 or later. If an upgrade is not convenient or possible, disable the SOCKS module if it is not being used.
