Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities

Bugtraq ID:	24165
Class:	Boundary Condition Error
CVE:	CVE-2007-2881
Remote:	Yes
Local:	No
Published:	May 25 2007 12:00AM
Updated:	Nov 15 2007 12:36AM
Credit:	The discoverer of these issues wishes to remain anonymous
Vulnerable:	Sun Java Web Proxy Server 4.0.4 Sun Java Web Proxy Server 4.0.3 Sun Java Web Proxy Server 4.0.2 Sun Java Web Proxy Server 4.0 SP1 Sun Java Web Proxy Server 4.0 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux AS 3
Not Vulnerable:	Sun Java Web Proxy Server 4.0.5

Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities

Sun Java System Web Proxy Server is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with superuser privileges, leading to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

These issues affect Web Proxy Server 4.0.3; prior versions may also be affected.

Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities

Solution:
The vendor released an update to address these issues. Please see the references for more information.


Sun Java Web Proxy Server 4.0 SP1

• Sun 120981-12
  SPARC Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120981-12-1


• Sun 120982-12
  x86 Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120982-12-1


• Sun 120983-12
  Linux
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120983-12-1


• Sun 123532-02
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-123532-02-1


• Sun 126325-02
  For WIndows
  http://sunsolve.sun.com/patches/


• Sun Sun Java System Web Proxy Server 4.0.5
  http://www.sun.com/download/products.xml?id=4648dc96

Sun Java Web Proxy Server 4.0

• Sun 120981-12
  SPARC Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120981-12-1


• Sun 120982-12
  x86 Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120982-12-1


• Sun 120983-12
  Linux
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120983-12-1


• Sun 123532-02
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-123532-02-1


• Sun 126325-02
  For WIndows
  http://sunsolve.sun.com/patches/


• Sun Sun Java System Web Proxy Server 4.0.5
  http://www.sun.com/download/products.xml?id=4648dc96

Sun Java Web Proxy Server 4.0.3

• Sun 120981-12
  SPARC Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120981-12-1


• Sun 120982-12
  x86 Platform
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120982-12-1


• Sun 120983-12
  Linux
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120983-12-1


• Sun 123532-02
  http://sunsolve.sun.com/search/document.do?assetkey=1-21-123532-02-1


• Sun 126325-02
  For WIndows
  http://sunsolve.sun.com/patches/


• Sun Sun Java System Web Proxy Server 4.0.5
  http://www.sun.com/download/products.xml?id=4648dc96

Sun Java Web Proxy Server Multiple Buffer Overflow Vulnerabilities

References:

• Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities (iDefense Labs )
  
• Sun Java Web Proxy Server Homepage (Sun Microsystems)
  
• iDefense Security Advisory 05.25.07: Sun Java System Web Proxy Multiple Buffer O ([email protected])
  
• Sun Alert ID 102927 (Sun Microsystems)
  
• Vulnerability Note VU#746889 Sun Java System Web Proxy Server fails to properly (US-CERT)