[VulnWatch] Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B)

From: NGSSoftware Insight Security Research (nisr_at_nextgenss.com)
Date: 04/05/04

  • Next message: mattmurphy_at_kc.rr.com: "[VulnWatch] Advisory: Multiple Vulnerabilities in Monit"
    To: <bugtraq@securityfocus.com>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>, <vulnwatch@vulnwatch.org>
    Date: Mon, 5 Apr 2004 18:54:39 +0100
    
    

    NGSSoftware Insight Security Research Advisory

    Name: Macromedia Dreamweaver Remote Database Scripts
    Systems Affected: IIS/Dreamweaver MX and UltraDev 4
    Severity: Critical
    Vendor URL: http://www.macromedia.com/
    Author: David Litchfield [ david@ngssoftware.com ]
    Date Vendor Notified: 10th March 2004
    Date of Public Advisory: 5th April 2004
    Advisory number: #NISR05042004B
    Advisory URL: http://www.ngssoftware.com/advisories/dreamweaver.txt

    Description
    ***********
    Macromedia's Dreamweaver is used to develop web sites and applications. To
    aid in the development of web applications that require database
    connectivity certain test scripts are created and uploaded to the website.
    These scripts help to test database connectivity. If left these scripts can
    allow an attacker to gain access to the backend database server, without the
    attacker having to supply a user ID and password.

    Details
    *******
    To help test database connectivity when a web application is being developed
    an ASP script, mmhttpdb.asp, is upload to the website. This script can be
    accessed without and user ID or password and contains numerous operations.
    One of these operations allows users to list all Datasource Names defined on
    the web server. A second operation allows users to run arbitrary SQL
    queries. Using a combination of these two operations an attacker can
    compromise the backend database server. The vulnerable ASP script is usually
    uploaded to a "_mmServerScripts" directory if using Dreamweaver MX or
    "_mmDBScripts" directory if using Dreamweaver Ultradev. These directories
    should be deleted on production systems.

    Fix Information
    ***************
    Macromedia was alerted to this problem on the 10th of March, 2004 and has
    since issued a security bulletin:

    http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html

    Customers that think they may be vulnerable are urged to follow the
    directions of either Macromedia's or NGSSoftware's advisory.

    About NGSSoftware
    *****************
    NGSSoftware design, research and develop intelligent, advanced application
    security assessment scanners. Based in the United Kingdom, NGSSoftware have
    offices in the South of London and the East Coast of Scotland. NGSSoftware's
    sister company NGSConsulting, offers best of breed security consulting
    services, specialising in application, host and network security
    assessments.

    http://www.ngssoftware.com/

    Telephone +44 208 401 0070
    Fax +44 208 401 0076

    enquiries@ngssoftware.com


  • Next message: mattmurphy_at_kc.rr.com: "[VulnWatch] Advisory: Multiple Vulnerabilities in Monit"

    Relevant Pages