CFMX Privilege Escalation Vulnerability

Posted By: Cameron Childress | October 7, 2004 11:43AM
Related Categories: ColdFusion

According to Security Focus:
Reportedly Macromedia ColdFusion MX is affected by privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a user to perform actions with administrator privileges. An attacker may exploit this issue to gain administrative privileges on a computer running the vulnerable application.
There is even some exploit code available... This exploit is primarily a concern to sites on shared CFMX servers. I wonder though, if this exploit will work under all configurations. It seems to me that multi-instance configurations could/should be immune. If anyone has more info on this, please feel free to chare in the comments. Hat tip to Bump for sending me the link to this.

Comments (6)

Add Comment ]

Alex Hubner Is worthy to read my article on the September's CFDJ edition:

http://www.sys-con.com/story/?storyid=46357

# Posted By Alex Hubner | October 7, 2004 6:54 PM

Cameron Childress The link is password protected. Would you like the enlighten us as to what that article is about?

# Posted By Cameron Childress | October 7, 2004 8:35 PM

Andy Allan You can sign up for the free digital version :)

http://www.sys-con.com/coldfusion/subscribe.cfm

# Posted By Andy Allan | October 8, 2004 1:39 AM

Alex Hubner It's about Sandbox Security and the need to NOT enable CFOBJECT e CreateObject() on a shared environment.

# Posted By Alex Hubner | October 8, 2004 5:01 AM

Cameron Childress Excellent. I had a feeling this was old news. I wonder how many shared hosting providors are correctly configured....

# Posted By Cameron Childress | October 8, 2004 11:54 AM

Sean Corfield But disabling CFOBJECT and createObject() breaks almost all CFC code - including Mach II. And sandbox security is only available in the Enterprise Edition which a lot of shared hosts don't run apparently. Correct?

# Posted By Sean Corfield | October 13, 2004 8:29 AM

Add Comment ]

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)





Leave this field empty:

Categories

coldfusion misc user groups standards security technology flex sumo adobe max fitness coworkingatlanta commonspot version control travel svn robots that rock productivity music bluedragon air wireless vpn san diego railo jobs javascript webdirections scalability mysql fusionreactor fusebox etech cfobjective cfeclipse

Recent Posts

Archives By Month