TITLE:
Macromedia ColdFusion Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA18078

VERIFY ADVISORY:
http://secunia.com/advisories/18078/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Macromedia ColdFusion MX 7
http://secunia.com/product/4984/
Macromedia ColdFusion MX 6.x
http://secunia.com/product/864/

DESCRIPTION:
Some vulnerabilities have been reported in Macromedia ColdFusion, which
can be exploited by malicious people to bypass certain security
restrictions, or by malicious, local users to disclose potentially
sensitive information and bypass certain security restrictions.

1) The Sandbox Security functionality fails silently, without throwing
an exception, when ColdFusion is running on a JRun 4 cluster member
with the Java SecurityManager disabled. This may allow the bypass of
certain security controls in applications that rely on Sandbox
Security.

2) An input validation error exists when handling the "Subject" field
of the CFMAIL tag. This can be exploited in an application that uses
the tag to attach arbitrary files and send mails with any content.

3) An error exists in the enforcement of the "CFOBJECT/CreateObject
(Java)" setting in the Sandbox Security functionality. This may be
exploited to call restricted methods through an object of a specially
crafted class written to the ColdFusion library directory, even when
the setting has been disabled.

The vulnerability may be related to:
SA12693

4) The password hash used to authenticate the ColdFusion Administrator
can be obtained by developers via an API call. This can be exploited
by malicious developers to obtain the hash and authenticate as
Administrator.

The vulnerabilities have been reported in version 7.0. ColdFusion MX
6.0, 6.1, and 6.1 with JRun are affected by vulnerabilities #1 and #2.

SOLUTION:
Apply updates.

ColdFusion MX 7.0:
Update to version 7.0.1.
http://www.macromedia.com/support/coldfusion/downloads_updates.html#mx7

ColdFusion MX 6.0:
Update to version 6.1 and then apply the hotfix for version 6.1.

ColdFusion MX 6.1:
Apply hotfix.
http://download.macromedia.com/pub/security/mpsb05-12.zip

PROVIDED AND/OR DISCOVERED BY:
1) Russ Michaels
2) Mike Nicholls
3) Andy Allan
4) Fabio Terracini

ORIGINAL ADVISORY:
http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html
http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html

OTHER REFERENCES:
SA12693:
http://secunia.com/advisories/12693/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link. Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
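Vulnerability #2 above is an input validation weakness in a mail header field. The advisory does not say which malformed input the CFMAIL "Subject" handling accepted; the example below is an added illustration, not Macromedia's code or the vendor hotfix, and it assumes the classic case of a caller-supplied header value containing CR or LF, which on the wire terminates the header and lets whatever follows be parsed as further headers or body (consistent with the "arbitrary files and any content" outcome described). It shows the check an application should apply to user-controlled header values before handing them to any mail API; the sample subjects are constructed for the demonstration.

```python
import re
from typing import Dict

# Constructed sample inputs for the demonstration; none come from the advisory.
SAMPLE_SUBJECTS = {
    "plain": "Order confirmation #1234",
    "crlf_injection": "Hi\r\nBcc: someone@example.invalid",
    "lf_only": "Hi\nContent-Type: multipart/mixed; boundary=x",
    "control_char": "Hi\x00there",
}

# CR or LF anywhere in a header value ends the header on the wire, so
# whatever follows is parsed as new header lines or as the message body.
_CRLF = re.compile(r"[\r\n]")
# Other C0 control characters and DEL are not legitimate in a header value either.
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
# RFC 5322 limits a header line to 998 octets, excluding the CRLF.
MAX_HEADER_LEN = 998


class HeaderInjectionError(ValueError):
    """Raised when a caller-supplied header value could inject extra headers."""


def validate_header_value(name: str, value: str) -> str:
    """Return `value` unchanged if it is safe to place in header `name`, else raise.

    Rejecting is preferred over stripping: silently removing the newline
    would still send a message whose content the author did not intend.
    """
    if _CRLF.search(value):
        raise HeaderInjectionError(f"{name}: CR/LF not allowed in header value")
    if _CONTROL.search(value):
        raise HeaderInjectionError(f"{name}: control character in header value")
    if len(value.encode("utf-8")) > MAX_HEADER_LEN:
        raise HeaderInjectionError(f"{name}: header value too long")
    return value


def is_safe_subject(value: str) -> bool:
    """Boolean form of the check, convenient for logging or metrics."""
    try:
        validate_header_value("Subject", value)
    except HeaderInjectionError:
        return False
    return True


def build_headers(from_addr: str, to_addr: str, subject: str) -> str:
    """Assemble a header block, validating every caller-supplied value first.

    Each field is validated independently so an injected value in any of
    them is refused before a single byte reaches the mail transport.
    """
    fields = [("From", from_addr), ("To", to_addr), ("Subject", subject)]
    return "".join(f"{n}: {validate_header_value(n, v)}\r\n" for n, v in fields)


def check_samples() -> Dict[str, bool]:
    """Run the validator over the constructed samples; True means accepted."""
    return {k: is_safe_subject(v) for k, v in SAMPLE_SUBJECTS.items()}


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{name:16s} {'accepted' if ok else 'REJECTED'}")
    print(build_headers("noreply@example.invalid", "user@example.invalid",
                        SAMPLE_SUBJECTS["plain"]), end="")
```

The validator deliberately raises instead of sanitising: a rejected request is visible in application logs and can be alerted on, whereas a stripped newline hides the attempt and may still produce a misleading message. Non-ASCII subjects still need RFC 2047 encoding for transport, which is a separate step from this check.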