SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Adobe ColdFusion
Vendors:   Adobe Systems Incorporated, Macromedia
ColdFusion MX Sandbox Lets Local Users Bypass CreateObject Restrictions and Obtain Authentication Information
SecurityTracker Alert ID:  1015371
SecurityTracker URL:  http://securitytracker.com/id/1015371
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Dec 16 2005
Impact:   Disclosure of authentication information, Modification of system information, Modification of user information, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): MX 7.0
Description:   A vulnerability was reported in Adobe (Macromedia) ColdFusion MX. A local user may be able to create an object when that function is disabled. A local user can obtain the administrative password hash and authenticate as an administrator.

The CFOBJECT sandbox security 'CreateObject(Java)' option is not properly enforced. A local user can still create an object when the option is disabled.

A local user can invoke a certain API call to obtain the ColdFusion Administrator password hash. With this hash value, a local user can authenticate as Administrator.

The vendor credits Andy Allan with reporting the CFOBJECT sandbox security vulnerability and Fabio Terracini with reporting the administrator hash vulnerability.

Impact:   A local user can create an object when that function is disabled.

A local user can obtain the administrative password hash and authenticate as an administrator.

Solution:   The vendor has issued a fixed version (7.0.1), available at:

http://www.macromedia.com/support/coldfusion/downloads_updates.html#mx7

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX)

Message History:   None.


Source Message Contents

Subject:  Adobe Security Bulletins


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
Adobe Security Bulletins: 

- Flash Media Server 
- ColdFusion MX 6.X 
- JRun 4.0 server 
- ColdFusion MX 7  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

Vulnerability in Flash Media Server 

Originally posted: December 15, 2005

Summary: 
This bulletin addresses a publicly reported security issue 
with Flash Media Server.

Affected Software Versions: 
* Flash Media Server 2.0
* Flash Media Server 1.5

Severity Rating: 
Adobe categorizes this issue as important and recommends 
users apply this workaround to their installations:  
http://www.macromedia.com/go/mpsb05-11 

Learn more: 
http://www.macromedia.com/go/mpsb05-11 

~~~~~~~ 

MPSB05-12 Sandbox Security and CFMAIL Vulnerability in 
ColdFusion MX 6.X 

Originally posted: December 15, 2005

Summary: 
This bulletin addresses two (2) privately reported security 
issues with ColdFusion 6.X. 

Affected Software Versions: 
ColdFusion MX 6.0 
ColdFusion MX 6.1 
ColdFusion MX 6.1 with JRun 

Severity Rating: 
Adobe categorizes this issue as an important issue and 
recommends users patch their installations.

Learn more: 
http://www.macromedia.com/go/mpsb05-12 

~~~~~~~ 

MPSB05-13 Cumulative Security Updater for JRun 4.0 
server 

Originally posted: December 15, 2005

Summary: 
This is a cumulative security updater for JRun server 
that includes all previously released patches for 4.0. 

Affected Software Versions:  
JRun 4.0 (all editions) 

Severity Rating: 
Adobe categorizes this issue as an important issue 
and recommends users patch their installations.

Learn more: 
http://www.macromedia.com/go/mpsb05-13 

~~~~~~~ 

MPSB05-14 Cumulative Security Updater for ColdFusion MX 7 

Originally posted: December 15, 2005

Summary:  
This is a cumulative security updater for ColdFusion MX 7 
server that includes all previously released patches. 

Affected Software Versions: 
ColdFusion MX 7.0

Severity Rating: 
Adobe categorizes this issue as an important issue and 
recommends users patch their installations.

Learn more: 
http://www.macromedia.com/go/mpsb05-14 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
ANY INFORMATION, PATCHES, DOWNLOADS, WORKAROUNDS, OR FIXES 
PROVIDED BY ADOBE IN THIS BULLETIN ARE PROVIDED "AS IS" 
WITHOUT WARRANTY OF ANY KIND. ADOBE AND ITS SUPPLIERS 
DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED OR 
OTHERWISE, INCLUDING THE WARRANTIES OF MERCHANTABILITY 
AND FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO 
WARRANTY OF NON-INFRINGEMENT, TITLE, OR QUIET ENJOYMENT. 
(USA ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OF 
IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY 
TO YOU. IN NO EVENT SHALL ADOBE, INC. OR ITS SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING, WITHOUT 
LIMITATION, DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, 
SPECIAL, PUNITIVE, COVER, LOSS OF PROFITS, BUSINESS 
INTERRUPTION, OR THE LIKE, OR LOSS OF BUSINESS DAMAGES, 
BASED ON ANY THEORY OF LIABILITY INCLUDING BREACH OF 
CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), 
PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADOBE, INC. OR ITS 
SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN ADVISED OF 
THE POSSIBILITY OF SUCH DAMAGES. (USA ONLY) SOME STATES 
DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR 
CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION 
OR LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO HAVE 
OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE. 

Adobe reserves the right, from time to time, to update 
the information in this document with current information. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
This is a security message from Adobe Systems Incorporated, 
San Jose, CA  95110 USA.


Copyright 2019, SecurityGlobal.net LLC