http://www.nwfusion.com/news/2002/0529jrunflaw.html By Sam Costello IDG News Service, 05/29/02 A buffer overflow in Macromedia's JRun Java 2 Enterprise Edition server could allow an attacker to take complete control of a vulnerable server, according to a bulletin released Wednesday by security group Next Generation Security Software. The vulnerability exists in JRun 3.1 running on Microsoft's Internet Information Services (IIS) 4.0 and 5.0 on Windows NT 4 and Windows 2000, the group said in its alert. The group contacted Macromedia about the bug in early April and a new version of JRun, Version 4.0, has been released since then that should fix the problem, the group said. The group urged users to upgrade to the newest version of the software. A patch to fix the issue without upgrading to JRun 4 is available from Macromedia. Click here to access the fix . The flaw, which can be exploited remotely, comes as a result of an Internet Services Application Programming Interface (ISAPI) file created when JRun is installed, the security group said. ISAPIs are a part of IIS designed to offer more functionality to programs. The ISAPI related to JRun can be accessed directly and acts like an application when it is, the group said. When the file is accessed, it is vulnerable to a buffer overflow that can allow any code supplied in the attack to be run in the system's local security context, the group said. ISAPIs have caused a number of problems for users in the past year. Mostly recently, Microsoft patched two IIS holes in April that allow attackers to run code of their choice on vulnerable IIS systems. Another ISAPI flaw was exploited in mid-2001 by the Code Red worm, which infected thousands of computers worldwide and was one of the year's major security events. Next Generation Security Software's full alert can be found at the group's Web site .  http://www.macromedia.com/v1/Handlers/index.cfm?ID=22273&Method=Full  http://www.nextgenss.com/advisories/jrun.txt - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 30 2002 - 04:22:46 PDT