SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Sun ONE/iPlanet Web Server
Vendors:   Netscape, Sun
iPlanet Web Server Allows Remote Users to Execute Arbitrary Code on the Server and to Crash the Server
SecurityTracker Alert ID:  1001541
SecurityTracker URL:  http://securitytracker.com/id/1001541
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  May 16 2001
Original Entry Date:  May 15 2001
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): v4.1 SP 3-7
Description:   iPlanet announced that there is a vulnerability in the iPlanet Web Server that allows a remote user to crash the web services. The vulnerability also allows a remote user to gain shell access on the server (note that iPlanet did not mention this latter impact in their advisory).

It is reported that two vulnerabilities have been identified within iPlanet Web Server (iWS).

In the first vulnerability, a remote user can send manipulated HTTP request headers to iPlanet Web Server, Enterprise Edition version 4.1 Service Packs 3 through 7 (iWS4.1sp3-7), to cause a denial of service condition. This applies only to iWS4.1sp3-7 on the Microsoft Windows NT platform (but the vendor still recommends that all customers upgrade, regardless of the platform).

In the second vulnerability, a remote user can send manipulated HTTP request headers to an iPlanet Web Server or Netscape Enterprise Server (NES) that has the Web Publisher feature enabled to cause a denial of service condition. A remote user can also obtain shell access via this vulnerability.

Impact:   A remote user can cause the web server application to crash. In the Web Publisher vulnerability, a remote user can obtain shell access on the server.
Solution:   The vendor has released a fix. See the Vendor URL.

The vendor recommends deployment of the following NSAPI:

aix_flexlog2.tgz
dec-osf1_flexlog2.tgz
hpux_flexlog2.tgz
linux_flexlog2.tgz
solaris_flexlog2.tgz
winnt_flexlog2.zip

Vendor URL:  www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(eEye Provides Exploit Information) Re: iPlanet Web Server Allows Remote Users to Execute Arbitrary Code on the Server and to Crash the Server
eEye Digital Security released an advisory that contains some additional exploit details, but not exploit code.
(Exploit Code for Denial of Service) Re: iPlanet Web Server Allows Remote Users to Execute Arbitrary Code on the Server and to Crash the Server
A demonstration exploit script for the denial of service vulnerability is provided.
(HP Issues Patch for Virtual Vault) Re: iPlanet Web Server Allows Remote Users to Execute Arbitrary Code on the Server and to Crash the Server
HP has released a patch for the Virtual Vault operating system.



 Source Message Contents

Subject:  iPlanet Web Server 4.1 SP 4-7 Product Alert


I've just detected a new Product Alert on iPlanet's Web Site. I'm
sending this information because I was not able to find it in the
bugtraq archive yet. iPlanet does not seem to inform bugtraq
(why?). The information posted herein can be found in
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html.

======================================================================

Important iPlanet Web Server 4.1 SP 3-7
Product Alert:
Recommend Immediate Patch/Upgrade
May 11, 2001
Two vulnerabilities have been identified within iPlanet Web Server (iWS):


1) A manipulation of the HTTP request headers sent to iWS, Enterprise
Edition version 4.1 Service Packs 3 through 7 (iWS4.1sp3-7) can be
exploited as a Denial of Service attack against users of iWS4.1sp3-7
on the Microsoft Windows NT platform*.

2) A manipulation of the HTTP request headers sent to iWS or Netscape
Enterprise Server (NES) that have the Web Publisher feature enabled
can be exploited as a Denial of Service attack.

The risk from these attacks is completely eliminated by deployment of

aix_flexlog2.tgz
dec-osf1_flexlog2.tgz
hpux_flexlog2.tgz
linux_flexlog2.tgz
solaris_flexlog2.tgz
winnt_flexlog2.zip

While only installations of iWS4.1sp3-7 on Windows NT are
immediately vulnerable to this attack, all users of iWS4.1sp3-7 are

======================================================================



Copyright 2019, SecurityGlobal.net LLC