Security researchers have found a serious flaw in Macromedia Inc.'s JRun Java application server that enables an attacker to gain complete control of a vulnerable machine.
The buffer overrun vulnerability lies in the ISAPI filter/application that is used to handle requests for Java Server Pages resources. In order to exploit the flaw, an attacker would have to send a request to the ISAPI DLL with an overly long host header field.
The DLL would then overwrite a saved return address on the stack, which would in turn give the attacker control over the process's execution. And because the DLL runs in the system context, any code the attacker executes would have system-level privileges, according to an advisory released Thursday by the CERT Coordination Center.
The flaw affects machines running Microsoft Corp.'s Windows NT 4.0 or 2000 and IIS 4.0 or 5.0.
JRun versions 3.0 and 3.1 are vulnerable, but Version 4, released May 13 by Macromedia, contains a fix for the vulnerability.
There is also a patch, available at http://www.macromedia.com/v1/handlers/index.cfm?ID=22994.
CERT estimates that JRun is installed in more than 10,000 sites worldwide.