Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
BID:23405
Info
Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
| Bugtraq ID: | 23405 |
| Class: | Design Error |
| CVE: |
CVE-2007-1874 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 10 2007 12:00AM |
| Updated: | Apr 11 2007 09:41PM |
| Credit: | This vulnerability was discovered by Sean Larsson from iDefense Labs. |
| Vulnerable: |
Adobe ColdFusion MX 7.02 |
| Not Vulnerable: | |
Discussion
Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
Adobe Macromedia ColdFusion is prone to an insecure-file-permissions vulnerability. This issue stems from a previous patch that sets unsafe directory permissions.
A local attacker can exploit this issue to gain administrative privileges on the affected computer. A successful exploit would lead to the complete compromise of affected computers.
ColdFusion 7.0.2.142559 for Linux is vulnerable to this issue.
Adobe Macromedia ColdFusion is prone to an insecure-file-permissions vulnerability. This issue stems from a previous patch that sets unsafe directory permissions.
A local attacker can exploit this issue to gain administrative privileges on the affected computer. A successful exploit would lead to the complete compromise of affected computers.
ColdFusion 7.0.2.142559 for Linux is vulnerable to this issue.
Exploit / POC
Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
An attacker can exploit this issue by using standard utilities to access the vulnerable file.
An attacker can exploit this issue by using standard utilities to access the vulnerable file.
Solution / Fix
Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
References:
References: