Clint, this has to do with server software which I don't think would be very commonly used by anyone here. Maybe your big old tower system is the exception? ;) Peter Kaulback Clint Hamilton-PCWorks Admin-OrpheusComputing.com & ComputersCustomBuilt.com wrote: > TITLE: > Sun Java System Active Server Pages Multiple Vulnerabilities > > SECUNIA ADVISORY ID: > SA30523 > > VERIFY ADVISORY: > http://secunia.com/advisories/30523/ > > CRITICAL: > Highly critical > > IMPACT: > Security Bypass, Manipulation of data, Exposure of system > information, Exposure of sensitive information, System access > > WHERE: >>From remote > > SOFTWARE: > Sun Java System Active Server Pages 4.x > http://secunia.com/product/15769/ > > DESCRIPTION: > Some vulnerabilities and a security issue have been reported in > Sun > Java System Active Server Pages, which can be exploited by > malicious > users to compromise a vulnerable system, and by malicious > people to > disclose sensitive information, manipulate certain data, bypass > certain security restrictions, or to compromise a vulnerable > system. > > 1) Input passed to an unspecified file included by various ASP > applications is not properly verified before being used within > a > function to create files. This can be exploited to create or > append > to arbitrary files on the system. > > 2) A security issue is caused due to password and configuration > data > being stored within the application server root directory. This > can > be exploited to disclose sensitive information, e.g. > configuration > data or password hashes. > > 3) An input validation error exists within unspecified ASP > applications, which can be exploited to disclose the content of > arbitrary files or delete arbitrary files via specially crafted > HTTP > requests containing directory traversal sequences. > > Successful exploitation of vulnerabilities #1 to #3 requires > network > access to the administration server (port 5100/TCP). > > 4) A boundary error exists in the handling of request within > the ASP > server, which can be exploited to cause a stack-based buffer > overflow > via a specially crafted request. > > Successful exploitation allows execution of arbitrary code. > > 5) Various input to unspecified ASP applications is not > properly > sanitised before being used to execute shell commands. This can > be > exploited to inject and execute arbitrary shell commands via > specially crafted HTTP requests containing shell > meta-characters. > > Successful exploitation requires authenticated access to the > administration server (but see #6). > > 6) A design error can be exploited to bypass the authentication > of > the administration HTTP server by sending specially crafted > requests > to port 5102/TCP. > > The vulnerabilities are reported in version 4.0.2. Other > versions may > also be affected. > > SOLUTION: > Update to version 4.0.3 > https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_SMI-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=SJASP-4.0.3-OTH-G-TP@CDS-CDS_SMI > > ORIGINAL ADVISORY: > Sun: > http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1 > > iDefense Labs: > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705 > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706 > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707 > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708 > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709 > http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710 ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts.