Executive Summary

Summary
Title: Sun Alert 275850 Multiple security vulnerabilities in the HTTP TRACE, WebDAV and Digest Authentication Methods in the Sun Java System Web Server and Sun Java System Web Proxy Server
Information
Name: SUN-275850
First vendor Publication: 2010-02-04
Vendor: Sun
Last vendor Modification: 2010-02-04
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Attack Range: N/A
Cvss Impact Score: N/A
Attack Complexity: N/A
Cvss Exploit Score: N/A
Authentication: N/A

Detail

Product: Sun Java System Web Server 6.1, Sun Java System Web Server 7.0, Sun Java System Web Proxy Server 4.0,

The following security vulnerabilities have been reported in the Sun Java System Web Server and the Sun Java System Web Proxy Server.

BugIDs 6916389 and 6916390 describe buffer overflow and format string vulnerabilities in the WebDAV extensions to the Sun Java System Web Server. These issues may allow remote clients to trigger a Web Server crash, thus resulting in a Denial of Service (DoS) condition. These issues may also allow remote unauthorized users to gain elevated privileges, enabling them to access and modify sensitive files.

BugIDs 6916391 and 6917212 describe buffer overflow issues in the Digest Authentication methods in the Sun Java System Web Server and Sun Java System Web Proxy Server, which may allow remote unprivileged users to crash the Web Server or the Web Proxy Server, thus leading to a Denial of Service (DoS) condition. These issues may also lead to execution of arbitrary code with elevated privileges.

BugIDs 6916392 and 6917211 describe heap overflow issues in the HTTP TRACE functionality in the Sun Java System Web Server and Sun Java System Web Proxy Server, which may allow remote unprivileged users to crash the Web Server or the Web Proxy Server, thus leading to a Denial of Service (DoS) condition. These issues may also be exploited to gain unauthorized access to sensitive information.

Sun acknowledges with thanks, Evgeny Legerov from Intevydis <www.intevydis.com> for discovering and reporting these issues.

State: Workaround
First released: 20-Jan-2010

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_275850_multiple_security

Alert History

Date Information
2015-10-30 00:21:37
  • Multiple Updates
2013-09-05 21:20:22
  • Multiple Updates