Macromedia Multiple Product Verbose Mode Overflow

2004-09-23T05:39:18
ID OSVDB:10241
Type osvdb
Reporter iDEFENSE (idlabs-advisories@idefense.com)
Modified 2004-09-23T05:39:18

Description

Vulnerability Description

A remote overflow exists in JRun, ColdFusion MX and ColdFusion MX J2EE - JRun. These products fail to properly check boundaries in the verbose logging module, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS, resulting in a loss of availability.

Solution Description

Macromedia, Inc. has released a patch to address this vulnerability. As a workaround, disable the verbose debug mode.

References:

Vendor URL: http://www.macromedia.com/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1011404
Secunia Advisory ID: 12638
Secunia Advisory ID: 12647
Related OSVDB ID: 10238
Related OSVDB ID: 10240
Related OSVDB ID: 10239