SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Adobe Dreamweaver Vendors:   Macromedia
(Macromedia Issues Fix) Macromedia Dreamweaver PHP Users Authentication Extensions Permit Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1007531
SecurityTracker URL:  http://securitytracker.com/id/1007531
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 20 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): MX 6.0
Description:   Lorenzo Hernandez Garcia-Hierro reported several vulnerabilities in Macromedia's Dreamweaver PHP User Authentication extensions. A remote user can conduct cross-site scripting attacks against servers that implement these functions.

It is reported that the PHP User Authentication extensions (available in the DevNet Resource Kit) contain an input validation flaw in the "Log In User" function in the "Access Denied" variable. The software reportedly does not filter user-supplied HTML code from the error message that is returned when a user attempts to access a restricted page without having logged in.

A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Dreamweaver-created PHP software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is of the form:

http://[TARGET]/[PATH]/[LOGIN PAGE].php?[ACCESS DENIED VARIABLE]="><script>alert('.::\/\|NSRG-18-7|/\/::.');</script>

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHP software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Macromedia has released a fix for Dreamweaver MX and the effected DRK Extensions. The fixes will be included in future releases of Dreamweaver.

Macromedia reports that you need to reapply the server behaviors to the pages that use them and redeploy those pages to your server after applying the patch.

The patches for Dreamweaver MX and the affected DevNet Resource Kit Extensions are available in TechNote 18839 at:

http://www.macromedia.com/go/0819032593b

To fix the flaw as it applies to UltraDev, see TechNote 18839 at:

http://www.macromedia.com/go/0819032593a

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb03-05.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  Apple (Legacy "classic" Mac), UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 4 2003 Macromedia Dreamweaver PHP Users Authentication Extensions Permit Cross-Site Scripting Attacks



 Source Message Contents

Subject:  New Macromedia Security Zone Bulletins Posted



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
IMPORTANT:

A security issue that may affect Macromedia Dreamweaver, 
UltraDev, and DRK customers has come to our attention. 

To learn about this new issue and what actions you can 
take to address it, please visit the Security Zone:  
http://www.macromedia.com/security    
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

MPSB03-05 - Patch and workaround for Dreamweaver MX, 
DRK, and UltraDev Server Behaviors 

Originally posted: August 19, 2003 
Last updated: August 19, 2003  

~~~~~~~ 

SUMMARY: 

Recently, Macromedia became aware of a security issue 
with some of the server behaviors present in Dreamweaver MX, 
all versions of UltraDev, and two extensions that shipped as 
part of the DevNet Resource Kit (DRK) vol. 2 and vol. 4. 
If exploited, it is possible for an attacker to gain access 
to certain site-specific cookie and session information. 

~~~~~~~ 

SOLUTION: 

Macromedia has issued downloadable patches for Dreamweaver MX 
and the effected DRK Extensions. These fixes will be 
incorporated into all future releases of Dreamweaver. After 
updating your product, you will need to reapply the server 
behaviors to the pages that use them, and redeploy those pages 
to your server. To download the patches for Dreamweaver MX and 
the effected DevNet Resource Kit Extensions, please visit 
TechNote 18839:  
http://www.macromedia.com/go/0819032593b  

For information on how to resolve this issue in UltraDev,  
please visit TechNote 18839: 
http://www.macromedia.com/go/0819032593a  

For concerns or questions regarding this specific security 
bulletin, please send an e-mail to: 
DWMPSB0305@macromedia.com.

~~~~~~~ 

SEVERITY RATING: 

Macromedia categorizes this issue as an important update 
and recommends that users update their product with 
the respective patch. 

~~~~~~~ 

ISSUE: 

Macromedia has learned that the behavior issues, present 
in Dreamweaver MX, all versions of UltraDev, and two 
extensions included as part of the DRK vol. 2 and vol. 4 
contain a flaw that if exploited may allow an attacker to 
gain access to certain site-specific cookie and session 
information. This situation arises because the server 
behavior uses a redirect based on a variable, but the 
variable is not URL encoded. This allows an attacker to 
write script which may ultimately be executed on a user's 
browser.

Since the script is still subject to normal browser security, 
this vulnerability does not allow arbitrary access to the 
data on the user's machine, nor allow arbitrary code to run. 
Further, this does not allow access to information on the 
server, nor does it allow any code to be executed on the 
server. 

For a list of behaviors affected in Dreamweaver/DRK Server 
Behaviors, please visit TechNote 18838: 
http://www.macromedia.com/go/0819032593b  

For a list of behaviors affected in UltraDev, please visit 
TechNote 18839: 
http://www.macromedia.com/go/0819032593a 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Reporting Security Issues: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   

Macromedia is committed to addressing security issues and 
providing customers with the information on how they can 
protect themselves. If you identify what you believe may 
be a security issue with a Macromedia product, please 
send an e-mail to secure@macromedia.com. We will work to 
appropriately address and communicate the issue. 

~~~~~~~ 

Receiving Security Bulletins: 

When Macromedia becomes aware of a security issue that we 
believe significantly affects our products or customers, 
we will notify customers when appropriate. Typically, this 
notification will be in the form of a security bulletin 
explaining the issue and the response. Macromedia customers 
who would like to receive notification of new security 
bulletins when they are released can sign up for our 
security notification service at: 
http://www.macromedia.com/security   

For additional information on security issues at Macromedia, 
please visit the Security Zone at:  

http://www.macromedia.com/security   

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
THE INFORMATION PROVIDED BY MACROMEDIA IN THIS BULLETIN 
IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. 
MACROMEDIA AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, 
WHETHER EXPRESS OR IMPLIED OR OTHERWISE, INCLUDING THE 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 
PARTICULAR PURPOSE. ALSO, THERE IS NO WARRANTY OF 
NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT. (USA ONLY) 
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED 
WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.  

IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT 
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, 
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS 
INTERRUPTION OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, 
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF 
CONTRACT, BREACH OF WARRANTY, TORT(INCLUDING NEGLIGENCE), 
PRODUCT LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. 
OR ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN 
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) 
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF 
LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE 
ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU AND 
YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE 
TO STATE. 

Macromedia reserves the right to update the information in 
this document with current information. 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Macromedia Support, Privacy, and Unsubscribe Information 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

Thank you for your continued interest in Macromedia products. 
If you'd rather not receive Security Zone updates, send an 
e-mail to securityzone@macromedia.com and type REMOVE ME in 
the Subject line. You may also unsubscribe by visiting this 
web page: 
http://www.macromedia.com/go/unsubsz?email=**********

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC