iPlanet Web Publisher Remote Buffer Overflow Vulnerability

iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance.

By sending a specially crafted request (composed of at least 2000 characters) it is possible to cause a buffer overflow. This could cause the termination of the affected service, requiring a restart and enabling a remote attacker to effect a denial of service attack.

If the submitted buffer is properly structured, it may yield a remote system shell.

Successful exploitation of this vulnerability could lead to a complete compromise of the host.

Note that while only installations of iWS4.1sp3-7 on Windows NT are immediately vulnerable to this attack, all users of iWS4.1sp3-7 are advised to install the NSAPI.


Privacy Statement
Copyright 2010, SecurityFocus