Does everything have buffer overruns these days? > > > INFORMATION ALERT > > > AN EMERGING ISSUE WITH: > BUFFER OVERFLOWS IN MACROMEDIA JRUN AND COLDFUSION > > > SEVERITY: > Medium > > DATE: > November 12, 2002 > > > --------------------------------------------------------------- > > For an easier-to-read HTML version of this article, go to: > https://www3.watchguard.com/archive/showhtml.asp?pack=135224 > > --------------------------------------------------------------- > > > SUMMARY: > > In a post to the VulnWatch mailing-list today, eEye Digital Security > described buffer overflow vulnerabilities in both Macromedia JRun > 4.0 and ColdFusion MX 6.0 when installed on a Microsoft IIS Web > server. A hacker could exploit these buffer overflows to gain > complete control of your IIS Web server. There is no direct impact > on WatchGuard products. IIS administrators using Macromedia JRun 4.0 > (and previous versions), or ColdFusion MX 6.0 (and earlier), should > download, test, and install the corresponding patches as soon as > possible. > > > EXPOSURE: > > Macromedia sells server products which help Web administrators build > and deploy sites using numerous Web technologies. For instance, > Macromedia's JRun helps Web administrators deliver Java applications > on their Web sites, while Macromedia's ColdFusion MX allows Web > administrators to design Web applications that integrate with > databases, XML, and Flash. Both these Macromedia products can plug > into an IIS Web server. > > eEye Digital Security <http://www.eeye.com>'s advisory > <http://cert.uni-stuttgart.de/archive/vulnwatch/2002/11/msg00023.html> > describes buffer overflows > <https://www3.watchguard.com/archive/images/lsglossary.htm#buffer_overflow> > > affecting Macromedia ColdFusion MX 6.0 (and earlier versions) as > well as Macromedia JRun 4.0 (and earlier) when installed on > Microsoft IIS Web Servers. Although they affect different products, > both buffer overflows have the same scope. By sending a specially- > crafted, over-long HTTP packet to a vulnerable IIS server, a hacker > could exploit these flaws to gain complete control of your Web > server. > > > SOLUTION PATH: > > Macromedia has released patches to fix these buffer overflow > vulnerabilities. IIS administrators using affected versions of > Macromedia ColdFusion MX and JRun should download, test, and install > the appropriate patch as soon as possible. Obtain the patches here: > > * ColdFusion MX Updater > <http://www.macromedia.com/support/coldfusion/downloads_updates.html#Upda > ter> > > * JRun Cumulative Security Patch > <http://www.macromedia.com/v1/handlers/index.cfm?ID=23500> > > > -- For WatchGuard SOHO and Firebox Users: > > An attack exploiting these vulnerabilities uses normal HTTP traffic. > If you allow incoming HTTP access so outside users can reach your > Web site, the patches above are your primary recourse. > > > -- For ServerLock and AppLock/Web Users: > > This vulnerability involves a heap overflow, which ServerLock's > stack overflow protection does not address. However, if exploited, > these vulnerabilities usually result in the attacker damaging or > altering files on the targeted server. A default ServerLock install > will protect Windows system files from such damage. With ServerLock > Custom Rules, you can extend ServerLock's protections to include any > application's registry keys or data files, protecting them from > modification by unauthorized users. > > Likewise, AppLock/Web, designed to protect IIS, OS, and Web site > files from any modification, would prevent damage intended for the > protected server, even if the intruder managed to gain root > privileges. > > > STATUS: > > Patches are available. > > > DIRECT IMPACT ON WATCHGUARD PRODUCTS: > > None. > > > IMPACT ON NETWORKS PROTECTED BY WATCHGUARD PRODUCTS: > > IIS administrators using Macromedia ColdFusion MX 6.0 (or previous > versions) or Macromedia JRun 4.0 (and earlier) are susceptible to > hackers taking over their Web server. > > > REFERENCES: > > eEye's post to VulnWatch > <http://cert.uni-stuttgart.de/archive/vulnwatch/2002/11/msg00023.html> > > > This alert was researched and written by Corey Nachreiner. > > > ======================================================= > FEEDBACK: This e-mail was sent from an unattended mailbox, > so please do not reply to it. Send comments to > [EMAIL PROTECTED] <mailto:lsseditor@;watchguard.com> > > For other helpful articles, log into the LiveSecurity Archive > <https://www3.watchguard.com/archive/broadcasts.asp>. > > ------------------------------------------------------- > UNSUBSCRIBE: You received this e-mail because you subscribed > to the WatchGuard LiveSecurity Service, which advises about > virus alerts, security best practices, new hacking exploits, > and more. To stop receiving future e-mails, or to change which > e-mail address receives this content, please log in at > https://www3.watchguard.com/archive/preferences.asp. > > For technical support, visit > https://support.watchguard.com/incidents/NewIncident.asp > or call 1-877-232-3531. > > ------------------------------------------------------ > Copyright 2002 WatchGuard Technologies, Incorporated. All > Rights Reserved. WatchGuard, LiveSecurity, Firebox and > ServerLock are registered trademarks or trademarks of > WatchGuard Technologies, Inc. in the United States and/or > other countries. All other trademarks are the property of > their respective owners. > > You may not modify, reproduce, republish, post, transmit > or distribute this content except as expressly permitted > in writing by WatchGuard Technologies, Inc. > > ====================================================== >
-- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
