Macromedia JRUN Buffer overflow vulnerability

by Nikola Strahija on May 29th, 2002

Macromedia's JRun, previously owned by Allaire, is a J2EE server designed to run on web servers to deliver Java-based online applications. The Win32 version 3.1 contains a remotely exploitable buffer overrun vulnerability that allows an attacker to gain complete control of the server in question.

When JRun is installed, an ISAPI filter/application is stored in the
/scripts virtual directory. If a request comes into the server for a .jsp
resource the JRun filter handles the request. Further, if the ISAPI DLL is
accessed directly it acts as an application. By making a request to the DLL
with an overly long Host header field, a saved return address is overwritten
on the stack allowing an attacker to gain control over the process'
execution. As the jrun DLL is loaded into the address space of the web
service process, inetinfo.exe, on both Internet Information Server 4 and 5,
any code supplied in an exploit will run in the security context of the
local SYSTEM account.
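The missing check behind this class of bug, shown as an added example (not JRun's code, which the advisory does not reproduce): a Host header is length-checked and validated before it is copied into a fixed-size buffer. The names `copy_host_header`, `HOST_MAX` and the return codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255 /* assumption: cap a little above the 253-char DNS name limit */
enum { HOST_OK = 0, HOST_MISSING = -1, HOST_REJECTED = -2 };

/* Case-insensitive test for a header line that starts with "Host:". */
static int is_host_line(const char *line)
{
    static const char name[] = "host:";
    for (size_t i = 0; i < sizeof name - 1; i++)
        if (tolower((unsigned char)line[i]) != name[i])
            return 0;
    return 1;
}

/* Copy the Host value from a NUL-terminated raw request into out.
 * The length is checked against the policy cap and the destination size
 * before any byte is written, so an oversized header is refused. */
int copy_host_header(const char *req, char *out, size_t out_size)
{
    const char *line = strstr(req, "\r\n"); /* end of the request line */
    while (line && line[2] != '\r' && line[2] != '\0') {
        line += 2; /* first byte of the next header line */
        if (is_host_line(line)) {
            const char *v = line + 5;
            while (*v == ' ' || *v == '\t') v++;
            size_t n = strcspn(v, "\r\n");
            if (n == 0 || n > HOST_MAX || n >= out_size)
                return HOST_REJECTED;
            for (size_t i = 0; i < n; i++) /* hostname, port, IPv6 literal */
                if (!isalnum((unsigned char)v[i]) && !strchr(".-:[]", v[i]))
                    return HOST_REJECTED;
            memcpy(out, v, n);
            out[n] = '\0';
            return HOST_OK;
        }
        line = strstr(line, "\r\n");
    }
    return HOST_MISSING;
}

int main(void)
{
    char host[64]; /* constructed sample request below */
    int rc = copy_host_header("GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", host, sizeof host);
    printf("%d %s\n", rc, rc == HOST_OK ? host : "-");
}
```

A request whose Host value exceeds the cap or the destination buffer returns `HOST_REJECTED` and leaves the buffer untouched, which is the point at which a server or filter would answer with a 400 instead of processing the request.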

Fix Information


NGSSoftware alerted Macromedia to this problem at the start of April and
since then JRun version 4 has been released. This version should contain the
fix to prevent this overrun and as such customers are advised to upgrade as
soon as possible. In the interim, one should consider using a tool such as
Sanctum's AppShield or eEye's SecureIIS, which help prevent such attacks.

A check for this issue has been added to Typhon II, NGSSoftware's
vulnerability assessment scanner, of which more information is available
from the NGSSite :

Further Information


For further information about the scope and effects of buffer overflows,
please see

Advisory URL:
