Oracle Application Server ndwfn4.so buffer overflow

The shared library 'ndwfn4.so' that ships with Oracle Application Server is vulnerable to a buffer overflow. The library is used to handle web requests passed to it by the iPlanet web server. If the library is sent a request longer than approximately 2050 characters, it will overflow.

A request string could be constructed to trigger the overflow and allow a malicious remote user to execute unprivileged arbitrary code. No exploit is publically available.


 

Privacy Statement
Copyright 2010, SecurityFocus