Security: Possible buffer overflow security exposure (Only if local OS and security is enabled)
 Flash (Alert)
 
Abstract
A possible buffer overflow security exposure exists in IBM WebSphere Application Server V5.0.2. If security is enabled and local OS is configured as the user registry (Windows NT® or UNIX® Local OS), a Unicode buffer can overflow and cause IBM® WebSphere® Application Server to fail.
 
Content
A possible security exposure has been identified in IBM WebSphere Application Server for all releases of WebSphere Application Server Base, Network Deployment, and Express Version 5.0, 5.0.1 and 5.0.2. It applies only to users who have enabled security and configured local OS as the user registry on Windows® NT and UNIX Local OS. Under these conditions, a Unicode buffer overflow is possible.
Versions Affected
The WebSphere Application Server code was updated to resolve the issue:


| Versions affected | Version problem is fixed | Interim or Cumulative Fix |
|---|---|---|
| V5.0 through V5.0.1 | V5.0.2.11 | Must apply Fix Pack 2 (5.0.2), or later, then Cumulative Fix 11 (5.0.2.11), or later - OR - Must apply Fix Pack 2 (5.0.2), or later, then Cumulative Fix 5 (5.0.2.5), or later, then apply Interim Fix APAR PK02002 (if you do not wish to upgrade to Cumulative Fix 11 (5.0.2.11) at this time) |
| V5.0.2 through V5.0.2.4 | V5.0.2.11 | Must apply Cumulative Fix 11 (5.0.2.11), or later - OR - Must apply Cumulative Fix 5 (5.0.2.5), or later, then apply Interim Fix APAR PK02002 |
| V5.0.2.5 through V5.0.2.10 | V5.0.2.11 | Must apply Cumulative Fix 11, or later - OR - Must apply Interim Fix APAR PK02002 |

Solutions
Fixes are available for IBM WebSphere Application Server as follows:

IBM interim fixes and fix packs are available from the IBM WebSphere Application Server product support page.
 
Related information
Recommended Updates for WebSphere Application Server
 
 
Cross Reference information
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Application Servers | WebSphere Application Server - Express | Security | AIX, HP-UX, Solaris, Windows | 5.0, 5.0.1, 5.0.2, 5.0.2.1, 5.0.2.10, 5.0.2.2, 5.0.2.3, 5.0.2.4, 5.0.2.5, 5.0.2.6, 5.0.2.7, 5.0.2.8, 5.0.2.9 | Express |
| Application Servers | Runtimes for Java Technology | Java SDK | | | |
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 5.0.2.10
Software edition:
Reference #: 1209956
IBM Group: Software Group
Modified date: Jun 28, 2005