Just to followup (and for the archives). This was fully an Entercept issue - in 
one of the reports it said it throws this error when starting virtual machines 
(kinda like a JVM, maybe!).

thanks for the responses,
Chris Norloff

---------- Original Message ----------------------------------
From: "Chris Norloff" <[EMAIL PROTECTED]>
Reply-To: [email protected]
Date:  Fri, 27 Jan 2006 15:06:02 -0500

>According to Entercept, when we try to start CFMX 7 there's a buffer overflow. 
>Entercept stops CFMX from starting, saying this is a hack attempt.
>
>We aren't having this issue on another seemingly identical machine.
>
>Anybody have an ideas on this?
>
>thanks,
>Chris Norloff
>
>CFMX 7.0.1 (with CHF1, on Solaris 9, Apache) running as userid=cfmxuser, which 
>is what it was installed to run as.
>
>Event Description
>An attempt to invoke system call [value not available] through a buffer 
>overflow in cfmx7 (/opt/coldfusionmx7/runtime/bin/cfmx7) running with the 
>privileges of user cfmxuser on the system with Agent [machinename]was 
>detected. This attack utilizes the return-to-libc technique.
>This operation was successful. It would have been prevented if the Agent IPS 
>module were set to Protect Mode.
>
>General Signature Description:
>This event indicates that an unspecified buffer overflow attack was attempted 
>against a component of the operating system or an application using the 
>"return-to-libc" technique.
>
>
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:235021
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to