----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 12:55 PM
Subject: RE: Important ColdFusion Security Patch Released Today


> Does anyone know:
>
> 1) exactly what files are updated (looks like all the stubs - such as
> iscf.dll - but I'm not sure)
>

I think that is all that is updated (hence the fact that there is only one update file for each OS).

> 2) the nature of the security problem - obviously MM is going for
> security-thru-obscurity and is not going to describe the exact problem, but
> some clue as to the possible effects, how to tell if the weakness has been
> taken advantage of, etc would be helpful
>

No idea...in a way it's better that they don't point out the vulnerability.

> 3) what workarounds, if any, can be used instead of applying the patch
>

See #2 above...

> 4) If there's a way to apply the patch without a reboot (if it's just the
> stubs an IIS stop-start might be enough)
>

Looks like a replacement of the stubs would work and simply stopping the web server and replacing it would do the trick but it's probably better to do the proper installation.

Regards,

Howie Hamlin - inFusion Project Manager
On-Line Data Solutions, Inc.
www.CoolFusion.com
631-737-4668 x101
inFusion Mail Server (iMS) - The Intelligent Mail Server
Join the DevCon community at www.coolfusion.com/devcon

>
>
> -----Original Message-----
> From: Phil Costa [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 8:50 AM
> To: CF-Talk
> Subject: Important ColdFusion Security Patch Released Today
>
>
> During a routine internal security audit of Macromedia
> ColdFusion, Macromedia discovered two important security
> issues that affect ColdFusion Server versions 2.0 through
> 4.5.1 SP2.
>
> We have released a Security Bulletin about these issues
> and a patch for ColdFusion Server versions 3.1.1, 4.0, 4.0.1,
> 4.5, 4.5.1 SP1, and 4.5.1 SP2 (all editions).
>
> We are strongly encouraging customers to review the new
> Macromedia Product Security Bulletin (MPSB01-07) and to
> install the patch as quickly as possible. You can find the
> security bulletin and the patch in the Security Zone at:
>
> http://www.allaire.com/security
>
> ~~~~~~~
> MPSB01-07:  Macromedia releases patch that addresses
> ColdFusion security issues.
>
> Please note, the security issues DO NOT affect ColdFusion
> Server 5.
>
> As a Web application server vendor, the security of the
> systems our customers deploy is a top priority. Securing
> Web applications, especially those deployed on the Internet,
> is complex and involves a wide range of technologies and
> methodologies from a variety of vendors. Macromedia uses
> the Security Zone in order to better inform our customers
> about security issues that may affect them.
>
> In the Security Zone you will find Security Bulletins that
> explain important issues, technical briefs, and links to
> other resources. In addition, you can subscribe to the
> Security Notification Service in order to receive future
> Security Bulletins when they are published.
>
> We understand how important security is to our customers,
> and we're committed to working to provide a secure platform
> for your Web application development. Thank you for your
> time and consideration on this issue.
>
>    - Security Response Team, Macromedia, Inc.
>
> ~~~~
> P.S.  As a reminder, Macromedia has set up an e-mail
> address that customers can use to report security issues
> associated with any Macromedia product; that is:
>
> [EMAIL PROTECTED]
>