A security vulnerability in the search feature of Sun Microsystems Inc.'s iPlanet Web server can allow attackers to execute code of their choice on remote iPlanet servers, according to a security advisory released Tuesday by Next Generation Security Software Ltd.
The flaw affects iPlanet Web server versions 4.1 and 6.0, NGSSoftware said. Sun has released patches to address the vulnerability on both versions of the software.
iPlanet's search feature is turned off by default, but if it is enabled, a buffer overflow in the "NS-rel-doc-name" parameter can be exploited to give an attacker control over the execution of that process, NGSSoftware, which is based in the U.K., said in its advisory. Gaining this control will give an attacker the ability to run any code with the same access rights as the administrator account running on the Web server, which in some cases would give the attacker unfettered access and the ability to take over the server, the company said.
The flaw, which NGSSoftware called high-risk, can be fixed by applying patches from Sun. Users of iPlanet 4.1 can download the patch, which is a part of Service Pack 10, at http://wwws.sun.com/software/download/download/5261.html.
Users of iPlanet 6.0, which has been renamed Sun ONE Web server 6.0, can download Service Pack 3 to fix the issue at http://wwws.sun.com/software/download/download/5262.html.
Another popular Web server, the open source Apache server, was found in mid-June to contain a security hole that could allow attackers to take over affected servers.