Home page logo
/

bugtraq logo Bugtraq mailing list archives

iPlanet FastTrack/Enterprise 4.1 DoS clarifications
From: Peter W <peterw () USA NET>
Date: Wed, 24 Jan 2001 06:34:52 -0500

Regarding Peter Guendl's discovery of DoS attacks against iWS 4.1:

1) Peter G. reports that disabling the cache with cache-init is not
   an effective workaround for the FastTrack problem.

2) I wrote that iWS 4.1 has "at least one huge hole (remote code execution
   via SSL/TLS implementation bug)". Another reader has pointed out that
   the SSL/TLS problem was announced as a Denial of Service vulnerability.

3) The note about Service Pack levels for iPlanet Enterprise 4.1 in
   Peter Gruendl's "Netscape Enterprise Server Dot-Dot DoS" was somewhat
   confusing. The iPlanet URL he refers to correctly states that the
   latest supported iPlanet Web servers[0] are 4.0sp6 and 4.1sp5. 4.1sp6
   has not been released or officially announced by iPlanet.

Thanks,

-Peter

[0] All Netscape-branded Web server products, including Netscape Enterprise 3.6,
    have officially passed their end-of-life dates and are no longer supported.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]