> Does anyone know:
> 
> 1) exactly what files are updated (looks like all the stubs - such 
> as iscf.dll - but I'm not sure)

Just the API and CGI stubs are replaced.

> 2) the nature of the security problem - obviously MM is going for
> security-thru-obscurity and is not going to describe the exact 
> problem, but some clue as to the possible effects, how to tell if 
> the weakness has been taken advantage of, etc would be helpful

Here's my guess about the nature of the problem. It's clear that it's a
problem with the API and CGI stubs. I think that there exists some
vulnerability that can cause CFCONTENT functionality to be executed, taking
advantage of a buffer overflow in the stub. Further, on Windows, I think
that the specific overflow may exist in the earlier VC++ runtime used with
versions of CF prior to version 5, which would explain why CF 5 isn't
vulnerable, and why the patch requires the VC++ 6 runtime.

Keep in mind this is a wild guess, completely unsupported by hard evidence.

> 3) what workarounds, if any, can be used instead of applying 
> the patch

If my above guess is right, there really isn't any workaround, if you allow
untrusted connections to your web server. This would explain MM's relatively
close-mouthed position on this - since there's nothing that can be done
about it other than installing the patch, they don't stand to gain by
providing any information about the specifics. If they did provide that
info, people could start looking for the problem pretty quickly.

> 4) If there's a way to apply the patch without a reboot (if 
> it's just the stubs an IIS stop-start might be enough)

According to the FAQ provided by MM, the patch can be manually applied
without a reboot.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

Archives: http://www.mail-archive.com/[email protected]/