SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Server/CGI)  >   Adobe Dreamweaver
Vendors:   Macromedia
Macromedia Dreamweaver Test Scripts Disclose DSNs to Remote Users and May Permit SQL Injection
SecurityTracker Alert ID:  1009649
SecurityTracker URL:  http://securitytracker.com/id/1009649
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 3 2004
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): MX 2004, MX, UltraDev 4
Description:   A vulnerability was reported in Macromedia Dreamweaver. In a certain configuration, a remote user can view data source names and may be able to inject SQL commands.

Macromedia reported that Dreamweaver installs some test scripts that may reveal data source names (DSNs) to remote users or allow remote users to execute SQL commands on the target system.

When the "Using Driver On Testing Server" or "Using DSN on Testing Server" settings are configured in the database connections dialog box, Dreamweaver will upload a script to the database that permits remote access to the database driver via the HTTP protocol. A remote user can view the DSNs, the bulletin said. It is also reported that if the DSNs and databases are not password protected, a remote user can execute SQL commands on the database.

Macromedia has assigned a critical severity rating to this flaw.

The vendor credits David Litchfield of Next Generation Security Software Limited with reporting this vulnerability.

Impact:   A remote user can view the data source names on the target system. If the DSNs and databases are not password protected, a remote user can execute SQL commands on the database.
Solution:   Macromedia has described the following solution [quoted]:

"Customers should not define a database connection using the driver on a testing server accessible to the public. To prevent unauthorized access to the database, password-protect the database. If a database connection has been defined, use Dreamweaver's Remove Connection Scripts menu command to remove the files that expose the database. This issue is described in greater detail in Security implications of remote database connectivity (TechNote 19214)."

TechNote 19214:

http://www.macromedia.com/support/dreamweaver/ts/documents/rem_db_security.htm
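The bulletin's remedy is to remove the uploaded connection scripts and keep them off public testing servers. The script below is an added example (not part of the SecurityTracker record or Macromedia's bulletin) of how an administrator can verify that on their own side: it lists files that survive under the connection-script directory in a document root, and it parses web-server access-log lines to report which clients already reached that directory and whether the server served the request. The advisory does not name the directory Dreamweaver uploads, so `CONNECTION_SCRIPT_DIR` is a labelled placeholder to be set from TechNote 19214 or from a test site; the combined-log format, the sample file list and the sample log lines are constructed for the example.

```python
# Added example, not code from SecurityTracker or Macromedia.
# Defender-side audit for the two exposures the advisory describes:
#   1) leftover Dreamweaver connection scripts under the web root, and
#   2) HTTP requests that already reached them, taken from an access log.
#
# ASSUMPTION: the advisory does not name the directory Dreamweaver uploads
# its connection scripts into. Replace the placeholder below with the
# directory name your Dreamweaver version creates (see TechNote 19214).
import re
from pathlib import Path

CONNECTION_SCRIPT_DIR = "CONNECTION_SCRIPT_DIR_PLACEHOLDER"

# Apache/IIS-style combined log line:
#   ip ident user [timestamp] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def leftover_scripts(relative_paths):
    """Return the files that live inside the connection-script directory.

    Takes document-root-relative paths (strings) so the check is testable
    without a filesystem; walk_webroot() feeds it from a real directory.
    """
    hits = []
    for rel in relative_paths:
        parts = Path(rel).parts
        # Match the directory component only, never a file with the same name.
        if CONNECTION_SCRIPT_DIR in parts[:-1]:
            hits.append(rel)
    return sorted(hits)


def walk_webroot(webroot):
    """Walk a real document root and report leftover connection scripts."""
    root = Path(webroot)
    rels = [str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()]
    return leftover_scripts(rels)


def requests_to_scripts(log_lines):
    """Return every logged request whose path is under the script directory.

    'served' is True when the server answered 2xx, i.e. the script was
    actually reachable at the time of the request; 4xx/5xx means the request
    was attempted but blocked.
    """
    marker = f"/{CONNECTION_SCRIPT_DIR}/"
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if marker in path:
            status = int(m.group("status"))
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "path": path,
                "status": status,
                "served": 200 <= status < 300,
            })
    return findings


# Constructed sample data for a stand-alone run (not real site contents or logs).
SAMPLE_WEBROOT_FILES = [
    "index.htm",
    "images/logo.gif",
    f"{CONNECTION_SCRIPT_DIR}/driver.asp",
    f"{CONNECTION_SCRIPT_DIR}/sub/helper.inc",
    CONNECTION_SCRIPT_DIR,  # a plain file with the directory's name: not a hit
]
SAMPLE_LOG = [
    f'203.0.113.7 - - [03/Apr/2004:10:15:02 +0000] "GET /{CONNECTION_SCRIPT_DIR}/driver.asp?id=1 HTTP/1.1" 200 812',
    '203.0.113.7 - - [03/Apr/2004:10:15:05 +0000] "GET /index.htm HTTP/1.1" 200 1204',
    f'198.51.100.4 - - [03/Apr/2004:11:02:44 +0000] "POST /{CONNECTION_SCRIPT_DIR}/driver.asp HTTP/1.0" 403 221',
    "this line is not an access-log entry",
]


def audit(relative_paths, log_lines):
    """Combine both checks into one report dict."""
    return {
        "leftover_scripts": leftover_scripts(relative_paths),
        "requests": requests_to_scripts(log_lines),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_WEBROOT_FILES, SAMPLE_LOG)
    for f in report["leftover_scripts"]:
        print(f"leftover connection script: {f}")
    for r in report["requests"]:
        verdict = "SERVED" if r["served"] else "blocked"
        print(f'{r["time"]} {r["ip"]} {r["method"]} {r["path"]} -> {r["status"]} ({verdict})')
```

Run it against a real site with `walk_webroot("/path/to/docroot")` and the lines of the server's access log; a non-empty `leftover_scripts` list means the Remove Connection Scripts step has not been applied, and any `served` request tells you the scripts were reachable from that client before removal.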

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb04-05.html
Cause:   Access control error
Underlying OS:  Apple (Legacy "classic" Mac), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html


http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html

 > MPSB 04-05 Potential Risk in Dreamweaver Remote Database Connectivity
 > Originally posted: April 2, 2004
 > Last updated: April 2, 2004

Macromedia issued a security bulletin warning of a vulnerability in Dreamweaver.  The 
product reportedly installs some test scripts that may reveal data source names (DSNs) to 
remote users or allow remote users to execute SQL commands on the target system.

When the "Using Driver On Testing Server" or "Using DSN on Testing Server" settings are 
configured in the database connections dialog box, Dreamweaver will upload a script to the 
database that permits remote access to the database driver via the HTTP protocol.  A 
remote user can view the DSNs, the bulletin said.  It is also reported that if the DSNs 
and databases are not password protected, a remote user can execute SQL commands on the 
database.

The following product versions are affected:

Dreamweaver MX 2004 (all versions)
Dreamweaver MX (all versions)
Dreamweaver UltraDev 4 (all versions)

Macromedia has assigned a critical severity rating to this flaw.

Macromedia has provided the following solution [quoted]:

"Customers should not define a database connection using the driver on a testing server 
accessible to the public. To prevent unauthorized access to the database, password-protect 
the database. If a database connection has been defined, use Dreamweaver's Remove 
Connection Scripts menu command to remove the files that expose the database. This issue 
is described in greater detail in Security implications of remote database connectivity 
(TechNote 19214)"

TechNote 19214:

http://www.macromedia.com/support/dreamweaver/ts/documents/rem_db_security.htm

The vendor credits David Litchfield of Next Generation Security Software Limited with 
reporting this vulnerability.


Copyright 2019, SecurityGlobal.net LLC