[ISN] Flaw in Macromedia JRun could let attacker take over

From: InfoSec News (isnat_private)
Date: Thu May 30 2002 - 01:34:23 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, May 29, 2002"

    By Sam Costello
    IDG News Service, 05/29/02
    A buffer overflow in Macromedia's JRun Java 2 Enterprise Edition 
    server could allow an attacker to take complete control of a 
    vulnerable server, according to a bulletin released Wednesday by 
    security group Next Generation Security Software.
    The vulnerability exists in JRun 3.1 running on Microsoft's Internet 
    Information Services (IIS) 4.0 and 5.0 on Windows NT 4 and Windows 
    2000, the group said in its alert. The group contacted Macromedia 
    about the bug in early April and a new version of JRun, Version 4.0, 
    has been released since then that should fix the problem, the group 
    said. The group urged users to upgrade to the newest version of the 
    A patch to fix the issue without upgrading to JRun 4 is available from 
    Macromedia. Click here to access the fix [1]. 
    The flaw, which can be exploited remotely, comes as a result of an 
    Internet Services Application Programming Interface (ISAPI) file 
    created when JRun is installed, the security group said. ISAPIs are a 
    part of IIS designed to offer more functionality to programs.
    The ISAPI related to JRun can be accessed directly and acts like an 
    application when it is, the group said. When the file is accessed, it 
    is vulnerable to a buffer overflow that can allow any code supplied in 
    the attack to be run in the system's local security context, the group 
    ISAPIs have caused a number of problems for users in the past year. 
    Mostly recently, Microsoft patched two IIS holes in April that allow 
    attackers to run code of their choice on vulnerable IIS systems. 
    Another ISAPI flaw was exploited in mid-2001 by the Code Red worm, 
    which infected thousands of computers worldwide and was one of the 
    year's major security events.
    Next Generation Security Software's full alert can be found at the 
    group's Web site [2]. 
    [1] http://www.macromedia.com/v1/Handlers/index.cfm?ID=22273&Method=Full
    [2] http://www.nextgenss.com/advisories/jrun.txt
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu May 30 2002 - 04:22:46 PDT