{"vuid":"VU#746889","idnumber":"746889","name":"Sun Java System Web Proxy Server fails to properly process malformed packets","keywords":["Sun","Java System","Web Proxy Server","buffer overflow","stack-based","SOCKS module","SOCKS server"],"overview":"A vulnerability in the way Sun Java System Web Proxy Server processes malformed packets may allow execution of arbitrary code.","clean_desc":"SOCKS is a network protocol that provides a framework that allows client-server applications to securely use network firewall services. A vulnerability exists in the way Sun Java System Web Proxy Server handles specially crafted SOCKS packets. According to iDefense Security Advisory 05.25.07: The problem specifically exists within the \"sockd\" daemon. This daemon implements SOCKS proxy support for the Web Proxy product. Attackers can cause a buffer overflow by manipulating certain bytes during protocol negotiation.","impact":"An unauthenticated attacker on the local network may be able to execute arbitrary code with the privileges of the SOCKS server or cause a denial of service.","resolution":"Update\nSun has addressed this issue in Sun Alert Notification 102927.","workarounds":"Disable SOCKS proxy server Disable the SOCKS proxy server if it is not needed. According to Sun Alert Notification 102927: This can be accomplished by shutting down the SOCKS server using the 'stop-sockd' script under the Proxy Server instance directory.","sysaffected":"","thanks":"This issue is addressed \nin Sun Alert Notification \n102927 Sun credits iDefense for reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536","http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1","http://secunia.com/advisories/25405/"],"cveids":["CVE-2007-2881"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-05-29T14:30:38Z","publicdate":"2007-05-25T00:00:00Z","datefirstpublished":"2007-05-30T15:25:19Z","dateupdated":"2007-09-27T14:37:32Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"12","cam_population":"7","cam_impact":"18","cam_easeofexploitation":"14","cam_attackeraccessrequired":"20","cam_scorecurrent":"17.8605","cam_scorecurrentwidelyknown":"21.168","cam_scorecurrentwidelyknownexploited":"34.398","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.8605,"vulnote":null}