Executive Summary
Summary | |
---|---|
Title | Sun Alert 102927 Security Vulnerabilities in the SOCKS Module of Sun Java System Web Proxy Server 4.0 |
Information | |||
---|---|---|---|
Name | SUN-102927 | First vendor Publication | 2007-07-26 |
Vendor | Sun | Last vendor Modification | 2007-09-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Product: Sun Java System Web Proxy Server 4.0
Two buffer overflows have been found in the SOCKS module of Sun Java System Web Proxy Server 4.0 which may allow a local or remote unprivileged user the ability to execute arbitrary code with the privileges of the SOCKS server or cause a Denial of Service (DoS) to the SOCKS server. The SOCKS server normally runs with root privileges. One of the vulnerabilities (BugID 6537736) requires authentication before it can be exploited; however, the default configuration is for no authentication to be required to access the SOCKS server.
Sun acknowledges with thanks, iDefense (http://www.idefense.com), for bringing these issues to our attention.
These issues are also described in the following document: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536
Avoidance: Upgrade
State: Resolved
First released: 25-May-2007
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102927_security_vulnerabilities |
SAINT Exploits
Description | Link |
---|---|
Sun Java System Web Proxy sockd buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35841 | Sun Java Web Proxy Server SOCKS Support Multiple Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | HP OpenView Storage Data Protector Stack Buffer Overflow RuleID : 17530 - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | Oracle Java System sockd authentication buffer overflow attempt RuleID : 15482 - Revision : 6 - Type : SERVER-OTHER |
2014-01-10 | Sun One web proxy server overflow attempt RuleID : 15422 - Revision : 5 - Type : SERVER-OTHER |
2014-01-10 | Oracle Java web proxy sockd buffer overflow attempt RuleID : 11680 - Revision : 13 - Type : SERVER-WEBAPP |
Alert History
Date | Information |
---|---|
2014-01-19 21:31:02 |