• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Netscape Enterprise & FastTrack Authentication Buffer Overflow Vulnerability

Solution:
As taken from the ISS Advisory which is listed in full in the 'Credit' secion of this advisory.

Affected users should upgrade their systems immediately. This vulnerability affects systems running Administration Server with password protected areas that rely on Basic Authentication. If you run any of the affected servers on any platform, upgrade to iPlanet Web Server 4.0sp2 at:

http://www.iplanet.com/downloads/testdrive/detail_161_243.html.

Netscape has stated that FastTrack will not be patched. Although Netscape released service pack 3 for Enterprise Server 3.6 that fixes the vulnerability in the web server, the Administration Server remains vulnerable.