Macromedia JRun ISAPI Filter Host Header Overflow

2004-04-08T23:13:55
ID OSVDB:5082
Type osvdb
Reporter David Litchfield(david@ngssoftware.com)
Modified 2004-04-08T23:13:55

Description

Vulnerability Description

A remote overflow exists in Macromedia JRun. The ISAPI DLL filter in Macromedia JRun fails to appropriately process overly long Host header field requests resulting in a buffer overflow. With a specially crafted ISAPI DLL request, a malicious user can execute arbitrary code on the system with system privileges or cause the system to crash resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Macromedia has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Macromedia JRun. The ISAPI DLL filter in Macromedia JRun fails to appropriately process overly long Host header field requests resulting in a buffer overflow. With a specially crafted ISAPI DLL request, a malicious user can execute arbitrary code on the system with system privileges or cause the system to crash resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor Specific Solution URL: http://www.macromedia.com/devnet/security/security_zone/mpsb02-02.html Vendor Specific Solution URL: http://www.macromedia.com/support/jrun/ts/documents/tn18091.htm Vendor Specific Advisory URL Other Advisory URL: http://www.nextgenss.com/advisories/jrun.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0253.html Keyword: NISR29052002 Keyword: MPSB02-02 ISS X-Force ID: 9194 CVE-2002-0801 CERT VU: 703835 CERT: CA-2002-14 Bugtraq ID: 4873