[ISN] Flaw in Macromedia JRun could let attacker take over

From: InfoSec News (isnat_private)
Date: Thu May 30 2002 - 01:34:23 PDT

Next message: InfoSec News: "[ISN] Security UPDATE, May 29, 2002"

Previous message: InfoSec News: "[ISN] Microsoft Exchange hole "critical""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.nwfusion.com/news/2002/0529jrunflaw.html

By Sam Costello
IDG News Service, 05/29/02

A buffer overflow in Macromedia's JRun Java 2 Enterprise Edition 
server could allow an attacker to take complete control of a 
vulnerable server, according to a bulletin released Wednesday by 
security group Next Generation Security Software.

The vulnerability exists in JRun 3.1 running on Microsoft's Internet 
Information Services (IIS) 4.0 and 5.0 on Windows NT 4 and Windows 
2000, the group said in its alert. The group contacted Macromedia 
about the bug in early April and a new version of JRun, Version 4.0, 
has been released since then that should fix the problem, the group 
said. The group urged users to upgrade to the newest version of the 
software.

A patch to fix the issue without upgrading to JRun 4 is available from 
Macromedia. Click here to access the fix [1]. 

The flaw, which can be exploited remotely, comes as a result of an 
Internet Services Application Programming Interface (ISAPI) file 
created when JRun is installed, the security group said. ISAPIs are a 
part of IIS designed to offer more functionality to programs.

The ISAPI related to JRun can be accessed directly and acts like an 
application when it is, the group said. When the file is accessed, it 
is vulnerable to a buffer overflow that can allow any code supplied in 
the attack to be run in the system's local security context, the group 
said.

ISAPIs have caused a number of problems for users in the past year. 
Mostly recently, Microsoft patched two IIS holes in April that allow 
attackers to run code of their choice on vulnerable IIS systems. 
Another ISAPI flaw was exploited in mid-2001 by the Code Red worm, 
which infected thousands of computers worldwide and was one of the 
year's major security events.

Next Generation Security Software's full alert can be found at the 
group's Web site [2]. 

[1] http://www.macromedia.com/v1/Handlers/index.cfm?ID=22273&Method=Full
[2] http://www.nextgenss.com/advisories/jrun.txt



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Security UPDATE, May 29, 2002"
Previous message: InfoSec News: "[ISN] Microsoft Exchange hole "critical""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 30 2002 - 04:22:46 PDT