File: 100000122.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (77 lines) | stat: -rw-r--r-- 1,807 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Rule: 

--
Sid: 
100000122

-- 
Summary: 
This event is generated when an attempt is made to exploit a buffer overflow in 
the Macromedia mod_jrun module.

-- 

Impact: 
The affected server will be crashed, and remote code execution with the 
privileges of the server is possible.

--
Detailed Information:
Specially crafted data which is sent to the vulnerable server that contains a 
colon followed by 1,000 or more bytes will trigger this buffer overflow. The 
affected server will crash, and remote code execution with the privileges of 
the affected server is possible.
NOTE: This rule may severely impact performance. It is recommended that you 
disable this rule if you are not running vulnerable software.

--
Affected Systems:
Macromedia ColdFusion MX 6.0
Macromedia ColdFusion MX 6.1
Macromedia ColdFusion MX J2EE 6.1
Macromedia JRun 3.0
Macromedia JRun 3.1
Macromedia JRun 4.0
Hitachi Cosminexus Enterprise Enterprise Edition 01-02
Hitachi Cosminexus Enterprise Enterprise Edition 01-01
Hitachi Cosminexus Enterprise Standard Edition 01-02
Hitachi Cosminexus Enterprise Standard Edition 01-01
Hitachi Cosminexus Server Web Edition 01-02
Hitachi Cosminexus Server Web Edition 01-01

--

Attack Scenarios: 
A script must be used to exploit this vulnerability.

-- 

Ease of Attack: 
Simple, as an attack is included as part of the Metasploit vulnerability 
testing framework.

-- 

False Positives:
None Known.

--
False Negatives:
None Known.

-- 

Corrective Action: 
Patches are available from Macromedia. As a workaround, the vendor suggests 
disabling the "verbose" debug mode on web server connectors, as it will stop 
attackers from exploiting this vulnerability.

--
Contributors: 
Judy Novak <judy.novak@sourcefire.com>
Alex Kirk <alex.kirk@sourcefire.com>

-- 
Additional References:

--