Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Protection against Macromedia JRun 4 Web Server Buffer Overflow Vulnerability

Attack ID: CPAI-2005-161
Publish Date:
Category: Remote Code Execution
Vulnerable Systems: Macromedia JRun 4.0 prior to Updater 5

Source:  iDEFENSE ADVISORY: 12.21.05
Description:

A vulnerability exists in the Macromedia JRun Web server component. Remote exploitation of the vulnerability may allow attackers to execute arbitrary code or cause a denial of service condition. For the attack to be successful, the JRun Web server component must be active.

Severity:
Details: The vulnerability exists within the JRun 4 Web server, specifically in the handling of long request strings. By supplying a long URL (approximately 64k), a remote attacker can create a stack-based overflow, potentially allowing the execution of arbitrary code.

Attack Detection: Users of VPN-1 NG with Application Intelligence R54, R55 and R55W and users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update in the SmartDashboard General window.

Attack Name: HTTP Worm Catcher
Attack Information: Macromedia JRun 4 Buffer Overflow
Solution:

Users of VPN-1 NG with Application Intelligence R55 & R55W and users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update (R55 - Update now) in the SmartDashboard General window.

To enable the protection:

Users of R55W, R60:

1. On the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
2. Enable Macromedia JRun 4 Buffer Overflow.  

Users of R54, R55:

1. On the SmartDefense tree, click Application Intelligence > Web and enable General HTTP Worm Catcher.
2. Enable Macromedia JRun 4 Buffer Overflow.  

Industry Reference: CVE-2005-4472
Additional Information:

This update also includes:

- Protection against Microsoft COM vulnerability (MS05-054) - CPAI-2005-158
- Protection against Cisco IOS HTTP Server - CPAI-2005-159
- Protection against Microsoft IIS URI Denial of Service  - CPAI-2005-160