[18805] in bugtraq
Re: iPlanet FastTrack/Enterprise 4.1 DoS clarifications
daemon@ATHENA.MIT.EDU (Calvin Tait)
Thu Jan 25 03:46:17 2001
Content-Class: urn:content-classes:message
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <271E32625B29AF458A63FF584471AA340405CD@austria.austin.inovant.com>
Date: Wed, 24 Jan 2001 14:45:46 -0600
Reply-To: Calvin Tait <ctait@GLOBESET.COM>
From: Calvin Tait <ctait@GLOBESET.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
SP6 has been released by iPlanet.....
http://www.iplanet.com/support/iws-alert/index.html
Karubin
-----Original Message-----
From: Peter W [mailto:peterw@USA.NET]
Sent: Wednesday, January 24, 2001 5:35 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Regarding Peter Guendl's discovery of DoS attacks against iWS 4.1:
1) Peter G. reports that disabling the cache with cache-init is not
an effective workaround for the FastTrack problem.
2) I wrote that iWS 4.1 has "at least one huge hole (remote code
execution
via SSL/TLS implementation bug)". Another reader has pointed out that
the SSL/TLS problem was announced as a Denial of Service
vulnerability.
3) The note about Service Pack levels for iPlanet Enterprise 4.1 in
Peter Gruendl's "Netscape Enterprise Server Dot-Dot DoS" was somewhat
confusing. The iPlanet URL he refers to correctly states that the
latest supported iPlanet Web servers[0] are 4.0sp6 and 4.1sp5. 4.1sp6
has not been released or officially announced by iPlanet.
Thanks,
-Peter
[0] All Netscape-branded Web server products, including Netscape
Enterprise 3.6,
have officially passed their end-of-life dates and are no longer
supported.
