Secunia Security Advisory - Some vulnerabilities have been reported in Macromedia ColdFusion, which can be exploited by malicious people to bypass certain security restrictions, or by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions.
4253614f74b18826ac049b15cbd98f9b17e7cd7ed80aede7c79707c50ebb45c6
TITLE:
Macromedia ColdFusion Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA18078
VERIFY ADVISORY:
http://secunia.com/advisories/18078/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
Macromedia ColdFusion MX 7
http://secunia.com/product/4984/
Macromedia ColdFusion MX 6.x
http://secunia.com/product/864/
DESCRIPTION:
Some vulnerabilities have been reported in Macromedia ColdFusion,
which can be exploited by malicious people to bypass certain security
restrictions, or by malicious, local users to disclose potentially
sensitive information and bypass certain security restrictions.
1) The Sandbox Security functionality fails silently without throwing
an exception when ColdFusion is running on a JRun 4 cluster member
with the Java SecurityManager disabled. This may allow the bypass of
certain security controls in applications that relies on Sandbox
Security.
2) An input validation error exists when handling of the "Subject"
field of the CFMAIL tag. This can be exploited in an application that
uses the tag to attach arbitrary files and send mails with any
content.
3) An error exists in the enforcing of the
"CFOBJECT/CreateObject(Java)" setting in the Sandbox Security
functionality. This may be exploited to call restricted methods
through an object of a specially crafted class written to the
ColdFusion library directory even when the setting has been
disabled.
The vulnerability may be related to:
SA12693
4) The password hash used to authenticate the ColdFusion
Administrator can be obtained by developers via an API call. This can
be exploited by malicious developers to obtain the hash and
authenticate as Administrator.
The vulnerabilities have been reported in version 7.0. ColdFusion MX
6.0, 6.1, and 6.1 with JRun, are affected by vulnerabilities #1 and
#2.
SOLUTION:
Apply updates.
ColdFusion MX 7.0:
Update to version 7.0.1.
http://www.macromedia.com/support/coldfusion/downloads_updates.html#mx7
ColdFusion MX 6.0:
Update to version 6.1 and then apply hotfix for version 6.1.
ColdFusion MX 6.1:
Apply hotfix.
http://download.macromedia.com/pub/security/mpsb05-12.zip
PROVIDED AND/OR DISCOVERED BY:
1) Russ Michaels
2) Mike Nicholls
3) Andy Allan
4) Fabio Terracini
ORIGINAL ADVISORY:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html
OTHER REFERENCES:
SA12693:
http://secunia.com/advisories/12693/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------