Adobe ColdFusion CFML templates sandbox restriction bypass

coldfusion-cfml-sandbox-bypass (28920)

Medium Risk

Description:

Adobe ColdFusion could allow a local attacker to bypass sandbox security restrictions, caused by a vulnerability regarding CFML template permissions. An attacker could exploit this vulnerability using CFML templates outside the sandbox to call CFC components within the sandbox.

Platforms Affected:

• Apple, Mac OS X 10.3.9
• Apple, Mac OS X 10.4.2
• Apple, Mac OS X 10.4.3
• IBM, AIX 5.1
• IBM, AIX 5.3
• IBM, AIX 5L
• Macromedia, ColdFusion 7.0
• Macromedia, ColdFusion 7.0.1
• Microsoft, Windows 2000 Professional
• Microsoft, Windows 2000 Datacenter Server
• Microsoft, Windows 2000 Advanced Server
• Microsoft, Windows 2003 Server Standard
• Microsoft, Windows 2003 Server Enterprise
• Microsoft, Windows 2003 Server Web
• Sun, Solaris 10
• Sun, Solaris 8
• Sun, Solaris 9

Remedy:

Upgrade to the latest version of ColdFusion MX (7.0.2 or later), as listed in APSB06-13. See References.

Consequences:

Bypass Security

References:

• APSB06-13, ColdFusion Sandbox Security vulnerability at http://www.adobe.com/support/security/bulletins/apsb06-13.html.
• ColdFusion MX7 Web page, ColdFusion MX7 at http://www.macromedia.com/software/coldfusion/?promoid=home_prod_cf_082403.
• BID-19985: ColdFusion SandBox Security Bypass Vulnerability
• CVE-2006-4725: Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
• SA21866: ColdFusion Denial of Service and Sandbox Bypass
• SECTRACK ID: 1016833: Adobe ColdFusion Infinite Loop Permits Denial of Service Attacks and Input Validation Hole Permits Cross-Site Scripting Attacks
• VUPEN/ADV-2006-3574: Adobe Macromedia ColdFusion Denial of Service and Security Bypass Vulnerabilities

Reported:

Sep 12, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page