A buffer overflow has been discovered in the search component of Sun’s iPlanet Web Server, which is not activated by default. The unchecked buffer handles the NS-rel-doc-name parameter; remote system compromise is possible. See the advisory for more information. The hole was reported to Sun back in April, but they didn’t patch it till now. Visit iPlanet’s patch site for the fix.

Update: A remote file viewing vulnerability has also been discovered in iPlanet – once again in the Search function. This bug is also supposedly fixed in the latest service pack.