JRun mod_jrun WriteToLog buffer overflow

Added: 12/10/2005
CVE: CVE-2004-0646
BID: 11245
OSVDB: 10546

Background

Macromedia JRun is a J2EE application server. mod_jrun is an Apache module that enables the use of JRun applications through an Apache web server.

Problem

A buffer overflow vulnerability in mod_jrun and mod_jrun20 allows a remote attacker to execute arbitrary commands on the web server if verbose logging is enabled.

Resolution

Apply the patch referenced in Macromedia Security Bulletin 04-08.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=145&type=vulnerabilities

Limitations

The exploit works on JRun 4 SP1a with verbose logging enabled.

Platforms

Windows 2000
Windows XP / Windows XP SP1
Windows XP SP2
Windows Server 2003
Red Hat / Linux
CentOS
