I have been asked by Macromedia to point out that the cumulative patch for JRun 3.1 found at http://www.macromedia.com/v1/Handlers/index.cfm?ID=22273&Method=Full also addresses the buffer overflow vulnerability discussed in our advisory, number #NISR29052002. Customers not wishing to upgrade to Version 4 should install this patch. Thanks, David Litchfield http://www.ngssoftware.com/
Addendum to advisory #NISR29052002 (JRun buffer overflow)
NGSSoftware Insight Security Research Wed, 29 May 2002 13:15:35 -0700
