[NEWS] Duplicate Session IDs Cause JRun Security Vulnerability (Hotfix)

From: support@securiteam.com
Date: 12/09/01


From: support@securiteam.com
To: list@securiteam.com
Date: Sun,  9 Dec 2001 15:27:32 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Duplicate Session IDs Cause JRun Security Vulnerability (Hotfix)
------------------------------------------------------------------------

SUMMARY

On all platforms, JRun session management has a software defect that, in
specific circumstances, hands a new client a session id that is already
active for another user instead of creating a new session. The two clients
then share one session and all state stored in it, so session security is
effectively compromised.

DETAILS

Affected software versions:
 * JRun 3.1 (all editions)
 * JRun 3.0 (all editions)

Example:
For a web application called "ctx", requesting the default document without
the trailing slash, like this:

http://[machinename]/ctx

gives the requesting user a session id that is already active for another
session instead of a newly created one.
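The behaviour above can be checked from the outside without reading any server code: send several cookie-less requests (each one looks like a brand-new client) and see whether the same session id comes back more than once. The script below is an added example, not part of the Macromedia bulletin or of JRun; the cookie name "jsessionid", the hypothetical host and the simulated server responses (constructed to mimic the bulletin's description) are assumptions, so swap in `http_fetch` against your own test server.

```python
"""Check whether a JRun web application issues an already-active session id
to new clients when its default document is requested without the trailing
slash (the defect described in the bulletin).

Added example, not Macromedia's or JRun's code. Assumptions: the session
cookie is named "jsessionid" (matched case-insensitively) and the simulated
responses below are constructed, not captured from a real server.
"""
import http.client
import re
from collections import Counter
from typing import Callable, Dict, List, Optional, Tuple

Headers = List[Tuple[str, str]]

SESSION_COOKIE = "jsessionid"  # assumption: JRun's session cookie name


def session_id_from_headers(headers: Headers) -> Optional[str]:
    """Return the session id from the first matching Set-Cookie header, or None."""
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        m = re.match(r"\s*([^=;\s]+)=([^;]+)", value)
        if m and m.group(1).lower() == SESSION_COOKIE:
            return m.group(2).strip()
    return None


def http_fetch(host: str, path: str, port: int = 80) -> Headers:
    """Issue one GET with no Cookie header (a fresh client) and return the response headers."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("GET", path, headers={"Connection": "close"})
        return conn.getresponse().getheaders()
    finally:
        conn.close()


def find_duplicate_sessions(fetch: Callable[[str], Headers], path: str, n: int = 10) -> Dict[str, int]:
    """Request `path` n times as n distinct clients; return any id issued more than once.

    A correctly behaving server returns an empty dict: every fresh client gets
    its own session id.
    """
    counts: Counter = Counter()
    for _ in range(n):
        sid = session_id_from_headers(fetch(path))
        if sid is not None:
            counts[sid] += 1
    return {sid: c for sid, c in counts.items() if c > 1}


# ---- constructed simulation of the defect described in the bulletin ----
_ACTIVE_SESSION = "deadbeefcafe1234"  # constructed: an id belonging to some logged-in user
_fresh_counter = [0]


def simulated_fetch(path: str) -> Headers:
    """Fake server: '/ctx' hands back the already-active id, '/ctx/' mints a fresh one."""
    if path == "/ctx":
        sid = _ACTIVE_SESSION
    else:
        _fresh_counter[0] += 1
        sid = f"fresh{_fresh_counter[0]:04d}"
    return [("Content-Type", "text/html"), ("Set-Cookie", f"jsessionid={sid}; path=/ctx")]


if __name__ == "__main__":
    for p in ("/ctx", "/ctx/"):
        dups = find_duplicate_sessions(simulated_fetch, p, n=5)
        print(p, "VULNERABLE: session id shared across clients" if dups else "ok", dups)
    # Against a real test host (hypothetical name):
    # find_duplicate_sessions(lambda p: http_fetch("machinename", p), "/ctx")
```

Run it against a staging server while a browser already holds an active session on the application; if the id that comes back to the cookie-less requests matches the browser's cookie, the hotfix has not taken effect.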

Macromedia is currently working on one case, very specific in its setup,
where the problem still occurs. Macromedia has not yet been able to
reproduce this problem in house and believes that the current workaround
will be sufficient in the vast majority of cases. You will be notified of
an updated fix in the event that the case under investigation is, in fact,
a JRun problem.

What Macromedia is doing:
Macromedia has published this bulletin, notifying customers of the problem
and making a hotfix available. Macromedia also intends to patch this
problem in the next cumulative release of JRun 3.1.

What customers should do:
Macromedia recommends that users download the patch corresponding to the
JRun version they are running. JRun users can find the patches at the
following URIs; installation instructions are included:

 * JRun 3.0:
<http://download1.allaire.com/publicdl/en/jrun/30/JRun30_HF_24049.jar>
Hotfix 24049 for JRun 3.0
 * JRun 3.1:
<http://download.allaire.com/publicdl/en/jrun/31/JRun31_HF_24049.jar>
Hotfix 24049 for JRun 3.1

The instructions for installation are contained in the jar file that you
will be downloading. Please read the txt file included in the jar file for
instructions on how to apply this patch. Macromedia has also included
installation instructions in this document for your convenience.

Please note: As always, customers should test changes in a testing
environment before modifying production servers.

Patch installation instructions:
In order to apply this patch, you should have the latest full security
rollup for JRun 3.1 - build 16777. Please reference the following
document:

 <http://www.allaire.com/handlers/index.cfm?ID=21498&Method=Full>
MPSB01-06: JRun 3.1, JRun 3.0, JRun 2.3.3: Cross-site scripting
vulnerability (a.k.a. JavaScript code execution vulnerability)

To verify the build you are currently running, use the following commands:
    Windows 2000/NT/Win9x command prompt:
        cd "Program Files\Allaire\JRun\bin"
        jrun -version

    Unix/Linux
        cd /opt/jrun/bin
        jrun -version

Follow the steps below to apply the patch:

1) Bring down all JRun servers running on the machine.
2) Place JRun3x_HF_24049.jar in the JRun/lib directory (replace the x with
"0" or "1" depending on the JRun version you are working with).
3) Edit the /JRun/lib/global.properties file and add the hotfix .jar file
to the FRONT of the jrun.classpath variable, as in the example below:
jrun.classpath={jrun.rootdir}/lib/JRun3x_HF_24049.jar;{jrun.rootdir}/lib/ext;{jrun.rootdir}/lib/jrun.jar;{jrun.rootdir}/lib/install.jar;D:\\jdk1.3\\lib\\tools.jar

4) Restart the JRun servers.

Make sure the server(s) start up correctly by checking the /JRun/logs
files for errors.
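Step 3 is the one that is easy to get wrong by hand: the hotfix classes only override the originals if the jar is the first entry of jrun.classpath. The script below is an added example (not Macromedia's installer) that rewrites only that line, leaves the rest of global.properties untouched, is safe to run twice, and provides a post-install check. It assumes the ";" separator shown in the bulletin's own example and the JRun 3.1 file name; the sample properties fragment is constructed.

```python
"""Prepend the JRun hotfix jar to jrun.classpath in global.properties
(step 3 of the bulletin) and verify afterwards that it is at the FRONT.

Added example, not Macromedia's installer. Assumptions: classpath entries are
separated by ";" as in the bulletin's example, and the 3.1 hotfix file name
is used (substitute JRun30_HF_24049.jar for JRun 3.0).
"""
import shutil
from pathlib import Path
from typing import List

HOTFIX_ENTRY = "{jrun.rootdir}/lib/JRun31_HF_24049.jar"  # assumption: JRun 3.1 hotfix
SEPARATOR = ";"  # assumption: taken from the bulletin's classpath example
KEY = "jrun.classpath="


def prepend_hotfix(text: str, entry: str = HOTFIX_ENTRY) -> str:
    """Return global.properties text with `entry` as the first jrun.classpath element.

    Only the first jrun.classpath= line is changed; if the entry is already
    present anywhere in the list it is moved to the front rather than duplicated.
    """
    out: List[str] = []
    found = False
    for line in text.splitlines(keepends=True):
        stripped = line.strip()
        if not found and stripped.startswith(KEY):
            found = True
            value = stripped[len(KEY):]
            parts = [p for p in value.split(SEPARATOR) if p]
            if entry in parts:
                parts.remove(entry)
            parts.insert(0, entry)
            newline = line[len(line.rstrip("\r\n")):]  # keep the file's own line ending
            line = KEY + SEPARATOR.join(parts) + newline
        out.append(line)
    if not found:
        raise ValueError("no jrun.classpath= line found in global.properties")
    return "".join(out)


def hotfix_is_first(text: str, entry: str = HOTFIX_ENTRY) -> bool:
    """Post-install check: does jrun.classpath start with the hotfix jar?"""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(KEY):
            return stripped[len(KEY):].split(SEPARATOR)[0] == entry
    return False


def patch_file(path: Path, entry: str = HOTFIX_ENTRY) -> bool:
    """Back up global.properties, rewrite it in place, and report whether the jar is first."""
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    patched = prepend_hotfix(path.read_text(), entry)
    path.write_text(patched)
    return hotfix_is_first(patched, entry)


# Constructed sample: a fragment of global.properties before the hotfix is applied.
SAMPLE = (
    "# constructed sample global.properties fragment\n"
    "jrun.rootdir=/opt/jrun\n"
    "jrun.classpath={jrun.rootdir}/lib/ext;{jrun.rootdir}/lib/jrun.jar;{jrun.rootdir}/lib/install.jar\n"
)

if __name__ == "__main__":
    patched = prepend_hotfix(SAMPLE)
    print(patched, end="")
    print("hotfix first:", hotfix_is_first(patched))
    # Real use (hypothetical path): patch_file(Path("/opt/jrun/lib/global.properties"))
```

After the rewrite, stop and restart the JRun servers as in steps 1 and 4, then check the /JRun/logs files; a ClassNotFoundException or a startup failure there usually means the jar path in the classpath entry does not match where the file was actually placed.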

ADDITIONAL INFORMATION

The information has been provided by <mailto:newsflash@macromedia.com>
Macromedia Security Alert.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
