VID: 23188
Severity: 40
Port: 6789
Protocol: TCP
Class: Daemon
Detailed Description: The Sun Java Web Console, according to its version number, has a format string vulnerability related to syslog. Sun Java Web Console versions 2.2.2 through 2.2.5 could allow a remote attacker to execute arbitrary code on the system because of a format string vulnerability in the syslog handling of the libwebconsole_services.so library. By sending a specially crafted login request, a remote attacker could cause the affected application to crash or execute arbitrary code with the privileges of the web server.

* References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1
http://www.securityfocus.com/archive/1/archive/1/466048/100/0/threaded
http://www.frsirt.com/english/advisories/2007/1443
http://www.nruns.com/security_advisory_sun_java_format_string.php
http://secunia.com/advisories/24927

* Platforms Affected:
Sun Java Web Console 2.2.2
Sun Java Web Console 2.2.3
Sun Java Web Console 2.2.4
Sun Java Web Console 2.2.5
Sun Solaris 10
Recommendation: Apply the appropriate patch for your system, available from Sun Alert ID 102854 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1

-- OR --

Update to the latest version of Sun Java Web Console (version 2.2.6 or later). Sun Java Web Console 2.2.6 can be downloaded at http://www.sun.com/download/products.xml?id=461d58be
* Related URLs:
CVE-2007-1681 (CVE)
23539 (SecurityFocus)
33731 (ISS)