Category:   Application (Web Server/CGI)  >   Macromedia ColdFusion
Vendors:   Macromedia
ColdFusion MX Buffer Overflow When Used With Microsoft Internet Information Server (IIS) Lets Remote Users Crash the IIS Web Server or Execute Arbitrary Code
SecurityTracker Alert ID:  1004646
SecurityTracker URL:  http://securitytracker.com/id/1004646
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Nov 13 2002
Original Entry Date:  Jun 28 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): MX, when used with Microsoft IIS4 or IIS5
Description:   A buffer overflow vulnerability was reported in Macromedia's ColdFusion MX when used with Microsoft Internet Information Server (IIS). A remote user can execute arbitrary code on the system or cause IIS to become unresponsive.

It is reported that a remote user can request a ColdFusion template with a filename longer than 8,192 characters or with HTTP headers longer than 4,096 characters to cause IIS to become unresponsive. According to the report, the template does not need to exist.

eEye Digital Security reported on November 12, 2002 that the overflow can be exploited to execute arbitrary code with SYSTEM level privileges.
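A screening check built on the two length limits reported above, as an added example that is not part of the advisory or of Macromedia's patch. It assumes the 4,096-character header limit applies to each header line (the report does not say whether it is per header or in total), measures the whole request path rather than only its last segment, and uses a hypothetical list of ColdFusion extensions; the sample requests are constructed.

```python
# Limits as reported in this advisory.
MAX_TEMPLATE_NAME = 8192   # characters in the requested template name
MAX_HEADER_LEN = 4096      # characters in one header line (assumption: per line)

# Assumption: extensions mapped to the ColdFusion connector on this server.
CF_EXTENSIONS = (".cfm", ".cfml", ".cfc")


def screen_request(raw: bytes) -> list:
    """Return the reasons a raw HTTP request exceeds the reported limits."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    path = parts[1].split("?", 1)[0]          # ignore the query string
    findings = []
    # The template does not need to exist, so only the name is examined.
    if path.lower().endswith(CF_EXTENSIONS) and len(path) > MAX_TEMPLATE_NAME:
        findings.append("template name: %d chars" % len(path))
    for line in header_lines:
        if len(line) > MAX_HEADER_LEN:
            name = line.split(":", 1)[0]
            findings.append("header %s: %d chars" % (name, len(line)))
    return findings


def build(path, headers):
    """Assemble a constructed request for exercising screen_request()."""
    lines = ["GET %s HTTP/1.1" % path] + ["%s: %s" % kv for kv in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


# Constructed samples; www.example.test is a placeholder host.
SAMPLES = {
    "normal": build("/app/index.cfm?id=7", [("Host", "www.example.test")]),
    "long_template": build("/" + "a" * 8200 + ".cfm",
                           [("Host", "www.example.test")]),
    "long_header": build("/app/index.cfm", [("Host", "www.example.test"),
                                            ("X-Padding", "b" * 4100)]),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, screen_request(request) or "ok")
```
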

Impact:   A remote user can cause the IIS web server to crash or can execute arbitrary code with SYSTEM level privileges.
Solution:   The vendor has released a patch. Macromedia recommends that customers apply the patch, backing up existing files before making changes and testing the changes on a non-production server before applying them to production servers.

The vendor has provided the following solution steps:

1) Download the MSPB02_CFMX_Windows.zip file:

http://download.macromedia.com/pub/security/jrun/40/MPSB02-05_Windows.zip

This file contains two replacement files:

* jrun.dll - IIS Web Server Connector
* wsconfig.jar - Web Server Configuration utility

2) Use [Control Panel] [Services] to stop the "World Wide Web Publishing Service" (IIS).

3) Replace the file \CFusionMX\runtime\lib\wsconfig\1\jrun.dll with the updated jrun.dll from step 1.

**NOTE: If you have configured multiple web servers, replace the existing jrun.dll in all \CFusionMX\runtime\lib\wsconfig\[n] directories which contain it.

4) Replace the file \CFusionMX\runtime\lib\wsconfig.jar with the updated wsconfig.jar from step 1.

5) Restart the World Wide Web Publishing Service.
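Steps 2 through 5 as a script, added here as an example and not supplied by Macromedia. It assumes the two files from step 1 are already unpacked into a patch directory, that the ColdFusion MX root, patch directory and backup directory are passed by the operator, and that `net stop`/`net start W3SVC` is used for the World Wide Web Publishing Service; the backup and hash check are additions in line with the vendor's back-up advice.

```python
import hashlib
import shutil
import subprocess
import sys
from pathlib import Path


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def replace_connector_files(cf_root, patch_dir, backup_dir):
    """Apply steps 3 and 4; return the list of files that were replaced."""
    cf_root, patch_dir, backup_dir = Path(cf_root), Path(patch_dir), Path(backup_dir)
    lib = cf_root / "runtime" / "lib"
    # Step 3 and its NOTE: every wsconfig\[n] directory that contains jrun.dll.
    pairs = [(dll, patch_dir / "jrun.dll")
             for dll in sorted(lib.glob("wsconfig/*/jrun.dll"))]
    # Step 4: the Web Server Configuration utility.
    pairs.append((lib / "wsconfig.jar", patch_dir / "wsconfig.jar"))
    # Check everything first so a missing file cannot leave a half-patched tree.
    for old, new in pairs:
        for path in (old, new):
            if not path.is_file():
                raise FileNotFoundError(path)
    replaced = []
    for old, new in pairs:
        backup = backup_dir / old.relative_to(cf_root)
        backup.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(old, backup)            # vendor advice: back up before changing
        shutil.copy2(new, old)
        if _sha256(old) != _sha256(new):     # confirm the copy landed intact
            raise RuntimeError("replacement of %s did not verify" % old)
        replaced.append(old)
    return replaced


if __name__ == "__main__":
    # Usage (paths are supplied by the operator): script CF_ROOT PATCH_DIR BACKUP_DIR
    root, patch, backup = sys.argv[1:4]
    subprocess.run(["net", "stop", "W3SVC"], check=True)       # step 2
    try:
        for path in replace_connector_files(root, patch, backup):
            print("replaced", path)
    finally:
        subprocess.run(["net", "start", "W3SVC"], check=True)  # step 5
```
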

See the Vendor URL for the original Macromedia security bulletin.

Vendor URL:  www.macromedia.com/v1/handlers/index.cfm?ID=23161
Cause:   Boundary error
Underlying OS:   Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Date:  Thu, 27 Jun 2002 22:44:47 -0400
Subject:  MPSB02-05 - Patch Available for Buffer Overflow attack on ColdFusion MX


http://www.macromedia.com/v1/handlers/index.cfm?ID=23161

MPSB02-05 - Patch Available for Buffer Overflow attack on ColdFusion MX
with Microsoft IIS

On June 27, 2002, Macromedia issued a security bulletin warning of a
buffer overflow in ColdFusion MX when used with Microsoft Internet
Information Server (IIS).

A remote user can request a ColdFusion template with a filename longer
than 8,192 characters or with HTTP headers longer than 4,096 characters
to cause IIS to become unresponsive.  According to the report, the
template does not need to exist.

ColdFusion MX (All Editions, Windows Platform) is vulnerable when used
with Microsoft IIS4 or IIS5.

Macromedia has prepared a patch that is a replacement ColdFusion MX Web
Server Connector for Microsoft IIS.

Macromedia recommends that customers apply the patch, but that they back
up existing files before making changes and also test the changes in a
non-production server  before applying the changes to production
servers.

The vendor has provided the following solution steps:

1) Download the MSPB02_CFMX_Windows.zip file:

http://download.macromedia.com/pub/security/jrun/40/MPSB02-05_Windows.zip

This file contains two replacement files:
          *  jrun.dll - IIS Web Server Connector
          *  wsconfig.jar - Web Server Configuration utility

2) Use [Control Panel] [Services] to stop the "World Wide Web Publishing
Service" (IIS).

3) Replace the file \CFusionMX\runtime\lib\wsconfig\1\jrun.dll with the
updated jrun.dll from step 1.

**NOTE: If you have configured multiple web servers, replace the
existing jrun.dll in all \CFusionMX\runtime\lib\wsconfig\[n] directories
which contain it.

4) Replace the file \CFusionMX\runtime\lib\wsconfig.jar with the updated
wsconfig.jar from step 1.

5) Restart the World Wide Web Publishing Service.



 
 

