Deanna Schneider wrote:
> Hi Folks,
> My server administrator just asked me to look into something that he heard
> about the jrun components in CF 5.0 being some sort of a security risk. He
> didn't elaborate further, though. So, I'm not sure what he's referring to.
> Has anyone else heard of this issue? (I tried searching on the macromedia
> site, but didn't find anything, and the cf-talk archive search isn't working
> right now.)
I would guess that he has subscribed to some CERT mailing list (and I
suggest everybody here does the same) for this afternoon I got the
message below.
The issue is in the JRUN stub that plugs into IIS. Don't know if CF 5
is using that too.
Jochem
-------- Original Message --------
===============================================================================
Security Advisory
CERT-NL
===============================================================================
Author/Source : Nico de Koo                         Index  : S-02-60
Distribution  : World                               Page   : 1
Classification: External                            Version: 1
Subject       : Buffer overflow in Macromedia JRun  Date   : 30-May-2002
===============================================================================
By courtesy of CERT/CC we received the following information.
A remotely exploitable buffer overflow exists in Macromedia's JRun 3.0
and 3.1.
This vulnerability allows a remote attacker to execute arbitrary code.
This advisory provides a patch to cure your JRun environment on your server.
CERT-NL recommends applying the patch provided.
==============================================================================
CERT Advisory CA-2002-14 Buffer overflow in Macromedia JRun
Original release date: May 29, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Windows NT4 or Windows 2000 running IIS versions 4 or 5 and
Macromedia JRun 3.0 or 3.1
Overview
A remotely exploitable buffer overflow exists in Macromedia's JRun 3.0
and 3.1.
I. Description
JRun is an application server that works with most popular web
servers, such as Apache and Internet Information Server (IIS).
According to Macromedia, JRun is deployed at over 10,000 organizations
worldwide.
As reported in the Next Generation Security Software Advisory
(#NISR29052002), a remotely exploitable buffer overflow exists in the
ISAPI filter/application. Specifically, the buffer overflow exists in
the portion of code that handles the host header field. If an attacker
sends a specially crafted request to the application server, he can
overwrite a return address on the stack. Because the vulnerable DLL is
running in the address space of the web server process, code submitted
by the attacker will be run with SYSTEM privileges.
II. Impact
A remote attacker can execute arbitrary code on the vulnerable target
with SYSTEM privileges.
III. Solution
Apply a patch from Macromedia or upgrade to JRun 4. The patch is
available from:
http://www.macromedia.com/v1/Handlers/index.cfm?ID=22273&Method=Full#download
JRun 4 is available at:
http://www.macromedia.com/software/jrun/
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this
advisory. Additional information can be found in VU#703835.
Macromedia Inc.
Macromedia has confirmed that this is a problem in older versions
of JRun 3.0 and 3.1 and is soon to publish a security bulletin
regarding this. Visit the Macromedia security zone site at
http://www.macromedia.com/security for more information.
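
The advisory places the overflow in the code that handles the Host header field. As an added illustration (not code from the advisory, from Macromedia, or from JRun), here is a header handler that checks the value's length and character set before copying it into a fixed buffer. The names extract_host and HOST_BUF_LEN and the 260-byte limit are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit (not from the advisory): 253-byte DNS name + ":65535" + NUL. */
#define HOST_BUF_LEN 260

/* Case-insensitive check that line s starts with the header name prefix. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Copy the Host value into out. Returns 0 on success, -1 if the header is
 * missing, empty, too long for out, or holds bytes outside host[:port]. */
int extract_host(const char *req, char *out, size_t out_len)
{
    if (!req || !out || out_len == 0) return -1;
    out[0] = '\0';
    const char *line = strstr(req, "\r\n");        /* end of request line */
    while (line && line[2] != '\0') {
        line += 2;                                 /* start of next header */
        if (line[0] == '\r' && line[1] == '\n')
            break;                                 /* blank line: headers done */
        if (has_prefix_ci(line, "host:")) {
            const char *v = line + 5;
            while (*v == ' ' || *v == '\t') v++;
            size_t n = strcspn(v, "\r\n");
            while (n > 0 && (v[n - 1] == ' ' || v[n - 1] == '\t'))
                n--;
            if (n == 0 || n >= out_len)
                return -1;                         /* length checked before any copy */
            for (size_t i = 0; i < n; i++) {
                unsigned char c = (unsigned char)v[i];
                if (!isalnum(c) && !strchr(".-:[]", c))
                    return -1;                     /* not a host[:port] byte */
            }
            memcpy(out, v, n);
            out[n] = '\0';
            return 0;
        }
        line = strstr(line, "\r\n");
    }
    return -1;
}
```

A request that fails this check is rejected outright rather than truncated, so an oversized Host value never reaches the fixed-size buffer.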