RealTime IT News

Macromedia Fixes JRun/Web Services Vulnerability

Macromedia, Inc. , security officials plugged up a potential breach in old versions of its JRun software Thursday, preventing malicious hackers (a.k.a. crackers) from remotely exploiting a buffer overflow vulnerability.

JRun 3.0 and JRun 3.1 are the software developer's flagship Web services platform for Java 2 Enterprise Edition (J2EE) applications. Companies running the software on Windows NT4 or Windows 2000 machines using IIS 4/5 are affected.

The vulnerability, discovered by developers in a NGS Software Insight security research advisory and reported to the CERT Coordination Center, is considered a high-risk bug giving crackers remote administration of the company's entire Web server.

A patch can be found at Macromedia's download page and is already incorporated in JRun 4. Macromedia officials said anyone who has applied a security patch since November 2001 is safe from the vulnerability.

The bug was found when security experts at NGS Software put JRun through a buffer overflow test, also known as a denial of service (DoS) attack, and found a weakness in the ISAPI .dll. Crackers who access the ISAPI .dll directly as an application can swamp the Host Header field with too much information, causing the .dll to overwrite the field with a saved return address, giving them remote access to the entire Web server on a local SYSTEM account.

NGS Software reported the vulnerability to Macromedia back in April.

JRun, originally a software application developed by Allaire before Macromedia took over, has been a relatively bug-free piece of software. The only other reported vulnerability on the CERT site dates back to June 2000, with a "cross-site" scripting vulnerability, which has long since been patched.