Sun ONE Application Server NSAPI buffer overflow

by Mario Miri on April 4th, 2003

A remotely exploitable buffer overflow exists in Sun's ONE Application Server. An attacker can request a URI of excessive length, which is passed to the NSAPI Connector module and results in a memory overwrite, with the potential for arbitrary code execution.


Vulnerable:
Sun ONE Application Server 6.0
Sun ONE Application Server 6.0 SP1
Sun ONE Application Server 6.0 SP2
Sun ONE Application Server 6.0 SP3
Sun ONE Application Server 6.0 SP4
Sun ONE Application Server 6.5
Sun ONE Application Server 6.5 MU1
Sun ONE Application Server 6.5 MU2


Not vulnerable:
Sun ONE Application Server 6.5 SP1
Sun ONE Application Server 6.5 MU3
Sun ONE Application Server 7.0 Standard Edition
Sun ONE Application Server 7.0 Platform Edition


Solution:
Sun has released fixes:
http://wwws.sun.com/software/download/app_servers.html


Discovered by:
@stake
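
The over-long URI condition described above comes down to a client-controlled string being copied into a fixed-size buffer. The following C code is an added example, not Sun's NSAPI connector code: the buffer size, function names and status values are assumptions, and it contrasts an unbounded copy with a length-checked one that rejects the request instead of truncating it.

```c
#include <stdio.h>
#include <string.h>

#define URI_BUF_SIZE 256  /* assumed; the advisory does not give the real size */

enum { FWD_OK = 200, FWD_BAD_REQUEST = 400, FWD_URI_TOO_LONG = 414 };

/* Unsafe pattern, shown for contrast only: no bound on the copy, so a URI
 * of URI_BUF_SIZE bytes or more writes past the end of dst. */
void copy_uri_unchecked(char *dst, const char *uri)
{
    strcpy(dst, uri);
}

/* Hardened form: measure the URI against the destination before writing a
 * single byte. An over-long URI is rejected, never truncated, because a
 * truncated URI could resolve to a different resource. */
int copy_uri_checked(char *dst, size_t dst_size, const char *uri)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || uri == NULL)
        return FWD_BAD_REQUEST;

    /* Scan at most dst_size bytes of the client-supplied string. */
    for (len = 0; len < dst_size && uri[len] != '\0'; len++)
        ;
    if (len == dst_size)          /* no room left for the terminating NUL */
        return FWD_URI_TOO_LONG;

    memcpy(dst, uri, len + 1);    /* len + 1 <= dst_size is guaranteed here */
    return FWD_OK;
}

int main(void)
{
    char buf[URI_BUF_SIZE];
    char long_uri[URI_BUF_SIZE + 64];   /* constructed over-long request URI */

    memset(long_uri, 'A', sizeof long_uri - 1);
    long_uri[0] = '/';
    long_uri[sizeof long_uri - 1] = '\0';

    printf("short URI -> %d\n", copy_uri_checked(buf, sizeof buf, "/app/index.jsp"));
    printf("long URI  -> %d\n", copy_uri_checked(buf, sizeof buf, long_uri));
    return 0;
}
```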

