Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: iPlanet FastTrack/Enterprise 4.1 DoS clarifications
From: Calvin Tait <ctait () GLOBESET COM>
Date: Wed, 24 Jan 2001 14:45:46 -0600

SP6 has been released by iPlanet.....
http://www.iplanet.com/support/iws-alert/index.html

Karubin


-----Original Message-----
From: Peter W [mailto:peterw () USA NET]
Sent: Wednesday, January 24, 2001 5:35 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: iPlanet FastTrack/Enterprise 4.1 DoS clarifications


Regarding Peter Guendl's discovery of DoS attacks against iWS 4.1:

1) Peter G. reports that disabling the cache with cache-init is not
   an effective workaround for the FastTrack problem.

2) I wrote that iWS 4.1 has "at least one huge hole (remote code
execution
   via SSL/TLS implementation bug)". Another reader has pointed out that
   the SSL/TLS problem was announced as a Denial of Service
vulnerability.

3) The note about Service Pack levels for iPlanet Enterprise 4.1 in
   Peter Gruendl's "Netscape Enterprise Server Dot-Dot DoS" was somewhat
   confusing. The iPlanet URL he refers to correctly states that the
   latest supported iPlanet Web servers[0] are 4.0sp6 and 4.1sp5. 4.1sp6
   has not been released or officially announced by iPlanet.

Thanks,

-Peter

[0] All Netscape-branded Web server products, including Netscape
Enterprise 3.6,
    have officially passed their end-of-life dates and are no longer
supported.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]