[NT] Macromedia Dreamweaver Remote Database Test Scripts Vulnerabilities
From: SecuriTeam (support_at_securiteam.com)
Date: 04/07/04
- Previous message: SecuriTeam: "[NT] Blaxxun3D Romote Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 7 Apr 2004 16:46:58 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Macromedia Dreamweaver Remote Database Test Scripts Vulnerabilities
------------------------------------------------------------------------
SUMMARY
Macromedia's Dreamweaver is used to develop web sites and applications. To
aid in the development of web applications that require database
connectivity, certain test scripts are created and uploaded to the web site.
These scripts help to test database connectivity.
If left in place, these scripts can allow an attacker to gain access to the
backend database server without having to supply a user ID or password.
DETAILS
Vulnerable Systems:
* Dreamweaver MX and UltraDev 4
To help test database connectivity while a web application is being
developed, an ASP script, mmhttpdb.asp, is uploaded to the web site. This
script can be accessed without any user ID or password and supports
numerous operations. One of these operations lists all Datasource Names
(DSNs) defined on the web server; another lets whoever calls the script
issue arbitrary SQL queries to the backend database server.
Using the operations provided by the script, an attacker could compromise
the server entirely. The vulnerable ASP script is usually uploaded to a
"_mmServerScripts" directory when using Dreamweaver MX, or to a
"_mmDBScripts" directory when using Dreamweaver UltraDev. These directories
should be deleted from production systems. Combined with other
vulnerabilities such as directory traversal, this misconfiguration gives an
attacker an easy route to the test scripts and, through them, to the
database.
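The following is an added example, not code from the advisory, NGSSoftware or Macromedia. It shows two checks a practitioner would want after reading the paragraphs above: a filesystem sweep of a web root for the leftover "_mmServerScripts" / "_mmDBScripts" directories and the mmhttpdb.asp script, and a scan of IIS W3C extended log lines for requests that reach those paths (including traversal and URL-encoded variants, since the advisory notes that traversal is one way attackers get to the scripts). Only the directory and script names come from the advisory; the web-root layout, log format handling and sample log lines are constructed for the demonstration.

```python
"""Added example (not from the advisory or Macromedia): find leftover
Dreamweaver database test scripts under a web root, and flag requests for
them in IIS W3C extended log lines. Path names are from the advisory; the
fixture and sample log below are constructed."""
import os
import re
import shutil
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Directories the advisory says Dreamweaver MX / UltraDev 4 upload, plus the
# script it names. Matched case-insensitively: IIS on NTFS is case-insensitive.
TEST_SCRIPT_DIRS = ("_mmServerScripts", "_mmDBScripts")
TEST_SCRIPT_FILE = "mmhttpdb.asp"
_DIR_SET = {d.lower() for d in TEST_SCRIPT_DIRS}

# Match the directory anywhere in the path (catches /images/../_mmDBScripts/)
# or the script name at the end of the path.
_URI_RE = re.compile(
    r"/(?:_mmserverscripts|_mmdbscripts)(?:/|$)|/mmhttpdb\.asp$", re.I)


def find_test_scripts(webroot):
    """Walk webroot and return sorted, relative POSIX paths of every
    test-script directory or mmhttpdb.asp file that should be removed."""
    root = Path(webroot)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = Path(dirpath).relative_to(root)
        for d in dirnames:
            if d.lower() in _DIR_SET:
                hits.append((rel / d).as_posix())
        for f in filenames:
            if f.lower() == TEST_SCRIPT_FILE:
                hits.append((rel / f).as_posix())
    return sorted(hits)


def flag_requests(log_lines):
    """Return (client_ip, uri_stem, status) for each IIS W3C log record whose
    cs-uri-stem touches the test scripts. The '#Fields:' directive names the
    columns, so the parser does not assume a fixed column order."""
    fields = None
    flagged = []
    for line in log_lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        cols = line.split()
        if len(cols) != len(fields):
            continue  # malformed record; skip rather than guess
        rec = dict(zip(fields, cols))
        stem = rec.get("cs-uri-stem", "")
        # Decode %5f-style encoding before matching, report the raw stem.
        if _URI_RE.search(unquote(stem)):
            flagged.append((rec.get("c-ip", "?"), stem, rec.get("sc-status", "?")))
    return flagged


# Constructed sample log (IIS 5.0 W3C extended format, RFC 5737 test addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-04-07 16:46:58 203.0.113.5 GET /index.asp - 200
2004-04-07 16:47:02 203.0.113.5 GET /_mmServerScripts/MMHTTPDB.asp - 200
2004-04-07 16:47:09 198.51.100.7 GET /images/../_mmDBScripts/mmhttpdb.asp - 404
2004-04-07 16:47:15 198.51.100.7 GET /%5fmmServerScripts/mmhttpdb.asp - 200
""".splitlines()


def make_demo_webroot():
    """Constructed fixture: a throw-away web root with a leftover test
    script directory, a differently-cased UltraDev directory, and a decoy."""
    root = tempfile.mkdtemp(prefix="dw_demo_")
    for rel in ("_mmServerScripts/MMHTTPDB.asp",
                "site/_MMDBSCRIPTS/readme.txt",
                "images/logo.gif"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("placeholder")
    return root


if __name__ == "__main__":
    root = make_demo_webroot()
    try:
        for h in find_test_scripts(root):
            print("remove from web root:", h)
    finally:
        shutil.rmtree(root)
    for ip, stem, status in flag_requests(SAMPLE_LOG):
        print(f"{ip} requested {stem} -> HTTP {status}")
```

A 200 against one of these paths in the logs means the script was live when it was requested; a 404 still records that someone was looking for it. Run `find_test_scripts` against the real web root on the server itself rather than relying on the logs alone, since the script needs no credentials and a single successful request is enough.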
Vendor Status:
Macromedia was alerted to this problem on the 10th of March, 2004 and has
since issued a security bulletin. Instructions for eliminating the
vulnerability can be found in Macromedia's advisory which can be found at
http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html.
ADDITIONAL INFORMATION
The information has been provided by <mailto:nisr@nextgenss.com>
NGSSoftware Insight Security Research.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.