Just to followup (and for the archives). This was fully an Entercept issue - in one of the reports it said it throws this error when starting virtual machines (kinda like a JVM, maybe!).
thanks for the responses, Chris Norloff ---------- Original Message ---------------------------------- From: "Chris Norloff" <[EMAIL PROTECTED]> Reply-To: [email protected] Date: Fri, 27 Jan 2006 15:06:02 -0500 >According to Entercept, when we try to start CFMX 7 there's a buffer overflow. >Entercept stops CFMX from starting, saying this is a hack attempt. > >We aren't having this issue on another seemingly identical machine. > >Anybody have an ideas on this? > >thanks, >Chris Norloff > >CFMX 7.0.1 (with CHF1, on Solaris 9, Apache) running as userid=cfmxuser, which >is what it was installed to run as. > >Event Description >An attempt to invoke system call [value not available] through a buffer >overflow in cfmx7 (/opt/coldfusionmx7/runtime/bin/cfmx7) running with the >privileges of user cfmxuser on the system with Agent [machinename]was >detected. This attack utilizes the return-to-libc technique. >This operation was successful. It would have been prevented if the Agent IPS >module were set to Protect Mode. > >General Signature Description: >This event indicates that an unspecified buffer overflow attack was attempted >against a component of the operating system or an application using the >"return-to-libc" technique. > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:235021 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

