SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Macromedia JRun Vendors:   Macromedia
Macromedia JRun Server Contains a Buffer Overflow and May Also Disclose Log File Contents to Remote Users
SecurityTracker Alert ID:  1005545
SecurityTracker URL:  http://securitytracker.com/id/1005545
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Nov 13 2002
Original Entry Date:  Nov 6 2002
Impact:   Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0, 3.1 and 4.0
Description:   Several vulnerabilities were reported in Macromedia's JRun server. A remote user may be able to view JRun log file contents on the server. A buffer overflow on the server may be remotely triggered.

According to the report, a remote user may be able to trigger a buffer overflow by supplying a long URL to a Windows-based JRun server. eEye Digital Security has stated that this could cause arbitrary code to be executed with SYSTEM level privileges.

It was also reported that a remote user may be able to view the JRun log file and jrun.ini configuration file from a Windows-based JRun server. The exploit method was not disclosed.

Macromedia credits Royans Tharakan of Ingenuity for reporting a source code disclosure bug and Marc Maiffret of eEye Digitial Security for reporting a buffer overflow bug.

[Editor's note: Macromedia has released a cumulative patch that fixes several problems. It appears that the newly reported vulnerabilities only affect JRun on Windows platforms. However, the cumulative patch applies to all editions on all platforms.]

Impact:   A remote user can view JRun log files and configuration files. A remote user may be able to cause the Windows-based server version to crash or execute arbitrary code with SYSTEM level privileges.
Solution:   The vendor has released a cumulative patch. For the patch matrix (providing patches in English, French, and Japanese), see the vendor bulletin at:

http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500

Also, patch-specific instructions are provided in the vendor bulletin.

The bulletin notes that JRun 4.0 users that have upgraded to JRun4 SP1 or SP1a do not need to download this patch.

Vendor URL:  www.macromedia.com/v1/Handlers/index.cfm?ID=23500 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Macromedia JRun Cumulative Patch


http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500

Macromedia issued a security bulletin (MPSB02-12) announcing a cumulative security patch
for JRun 3.0, 3.1 and 4.0.


According to the report, this patch resolves the following vulnerabilities:

Windows/Microsoft IIS specific

    * JRun log file/jrun.ini file disclosure.
    * Buffer overflow with long URL.

Other Fixes

    * Fix for a regression with relative path includes caused by the previous security
update MPSP02-07. (All Platforms, All Web Servers)
    * Netscape/IPlanet header USER_AGENT not available with getHeader() calls. 
    * JSP source code disclosure using unicode escape characters in the JRun Web Server
(the non-production internal web server) on non-Windows platforms.


The bulletin notes that JRun 4.0 users that have upgraded to JRun4 SP1 or SP1a do not need
to download this patch.

For the patch matrix (providing patches in English, French, and Japanese), see the vendor
bulletin at:

http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500

Also, patch-specific instructions are provided in the vendor bulletin.


Macromedia credits the following people for reporting these flaws:

    * Peter Grundl of KPMG and http://www.kpmg.dk. for reporting several denial of
service, heap overflow and multiple view source vulnerabilities.
    * Royans Tharakan of Ingenuity and http://www.ingenuity.com for reporting a source
code disclosure.
    * Marc  Maiffret of eEye Digitial Security and http://www.eEye.com for reporting a
buffer overflow problem.


[Editor's note:  We regret that the original Macromedia security bulletin cannot be
reproduced due to copyright restrictions.  If you feel that this impedes your ability to
secure your systems, please contact Macromedia at secure@macromedia.com to request that
their security bulletins provide a copyright release.]



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC