iPlanet Vulnerabilities
Impact
A buffer overflow in the iPlanet Web Server could allow
a remote attacker to cause a denial of service or to
execute arbitrary code.
Background
The iPlanet Web Server can be configured to run with
server side parsing, allowing files on the server to be
dynamically included in a web page before being sent
to the client. Files ending in .shtml are
processed with server side parsing.
The Problems
By sending a very long HTTP request
ending in the .shtml extension, it is
possible to cause a buffer overflow, which could be
used to cause a denial of service or to execute
arbitrary code. This vulnerability affects iPlanet
4.0 and 4.1 web servers with server side parsing
enabled.
Resolutions
Disable server side parsing. If server side parsing
is needed, then apply a vendor patch when one becomes
available.
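While server side parsing stays enabled and no patch is installed, access logs can be checked for the request shape described under The Problems. The following is an added example, not part of the original advisory or any vendor tooling: it assumes a Common Log Format access log and an arbitrary 1024-byte length threshold (the advisory states neither), and all function names and sample log lines are constructed for illustration.

```python
import re

# Assumption: Common Log Format access log (the advisory names no log format).
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}|-) (?P<size>\d+|-)\s*$'
)
# Assumption: the advisory gives no overflow length; 1024 is a tunable guess.
MAX_URI_LEN = 1024

def request_uri(request):
    """Return the URI from a logged request line, tolerating a missing version."""
    _method, sep, rest = request.partition(" ")
    if not sep:
        return None
    return rest.rsplit(" HTTP/", 1)[0]

def is_long_shtml(uri, max_len=MAX_URI_LEN):
    """True for an over-long URI whose path ends in .shtml (case-insensitive)."""
    path = uri.split("?", 1)[0].split("#", 1)[0]
    return len(uri) > max_len and path.lower().endswith(".shtml")

def scan(lines, max_len=MAX_URI_LEN):
    """Return one record per log line that matches the advisory's request shape."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        if m is None:
            continue  # not a CLF line; skipped rather than guessed at
        uri = request_uri(m.group("request"))
        if uri is not None and is_long_shtml(uri, max_len):
            hits.append({"line": lineno, "host": m.group("host"),
                         "status": m.group("status"), "uri_len": len(uri)})
    return hits

# Constructed sample log lines (documentation-range addresses, made-up times).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:01:02 -0400] "GET /index.shtml HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2001:10:03:44 -0400] "GET /' + "A" * 4000 + '.shtml HTTP/1.0" 500 -',
    '192.0.2.33 - - [01/Jan/2001:10:05:09 -0400] "GET /search?q=' + "b" * 3000 + ' HTTP/1.0" 200 812',
    '198.51.100.7 - - [01/Jan/2001:10:06:00 -0400] "GET /' + "A" * 2000 + '.SHTML?x=1" 400 -',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Ordinary .shtml requests and long requests for other resources are not flagged; only the combination the advisory describes is reported.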
Where can I read more about this?
This vulnerability was discussed in S.A.F.E.R.
Security Bulletin 001026.EXP.1.8.