has issued service packs to fix bugs in the search function of its iPlanet Web server.
The buffer overrun vulnerabilities, detected by Next Generation Security Software (NGSS), affects versions 4.1 and 6.0 of iPlanet. The flaw could allow a remote attacker to run arbitrary code if the search function within the Server is enabled. It is described as a high-risk bug.
By default, the vulnerable search function is turned off but, if enabled, NGSS found that the iPlanet server is vulnerable to a remotely exploitable buffer overrun.
By supplying an overly long value for the 'NS-rel-doc-name' parameter a saved return address is overwritten on the stack, giving control over the vulnerable process' execution. Any code supplied will run in the security context of the account running the web server.
On Windows NT/2000, for example, this account is the local SYSTEM account, by default, so any code will run uninhibited, NGSS warned.
Service packs have been issued at Sun's Web site. Users of iPlanet Web Server 6 should install Service Pack 3 and 4.1 users should install Service Pack 10.
The iPlanet Web server bug comes on the heels of a chunk handling vulnerability in versions of the open-source Apache Web server that could cause denial-of-service attacks or allow an attacker to take remote control of a server.
The detection of that bug, which harms Web servers based on Apache code versions 1.3 through 1.3.24 and versions 2.0 through 2.0.36, has created bad blood in the software security space with Apache officials upset they weren't first notified before the ISS issued its advisory and patch. "We were also notified today by ISS that they had published the same issue which has forced the early release of this advisory," the Foundation said.
Security experts have spent the last few weeks attempting to decode a worm that has been discovered exploiting the Apache flaw.