• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

iPlanet Web Server Search Component Buffer Overflow Vulnerability

iPlanet Webserver is an http server product offered by Sun Microsystems.

A stack-based overflow condition has been reported in versions of iPlanet Web Server. The vulnerability occurs in the Search component of iPlanet Web Server. An attacker is able to submit an overly long value to the 'NS-rel-doc-name' parameter to cause the buffer overflow condition. This could potentially allow for malicious clients to execute arbitrary code on (and gain control of) iPlanet hosts. Sending data not specially constructed to execute code could cause the server to crash.