Dailydave mailing list archives

ColdFusion Directory Traversal FAQ (CVE-2010-2861)


From: "Adrian P." <ap () gnucitizen org>
Date: Fri, 13 Aug 2010 18:29:13 +0200

Hi guys,

I wrote an FAQ attempting to illustrate why I think that Adobe should
have rated the new directory traversal bug as 'Critical' rather than
'Important'. This vulnerability, which was discovered by Richard
Brain, can result in remote command execution with SYSTEM privileges
on Windows servers. A real attack walk-through on how to accomplish
this has been included in the FAQ, along with solutions and mitigating
factors:

http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

IMHO, this is one of the most serious web security bugs since
CVE-2009-1151 for which I created the first public POC (the bug was
actually discovered by Greg Ose). This CF vulnerability has all the
ingredients for a serious bug:

- It affects a relatively popular corporate product
- The affected component (ColdFusion web admin console) is often Internet-facing
- No authentication is required to exploit the vulnerability
- Commands can be run remotely with SYSTEM privileges, which means
that the underlying OS can be fully compromised

Regards,
ap

-- 
pagvac | GNUCITIZEN.org
PGP Key ID: 0x6B232C7C
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

