[virusinfo] Oxygen3 24h-365d [Potential Risk in Dreamweaver Remote Database Connectivity - 04/07/04]

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Thu, 08 Apr 2004 07:04:19 -0700


From: Oxygen3 24h-365d:

"Absence of occupation is not rest; 
             A mind quite vacant is a mind distressed."
              William Cowper (1731-1800); English poet.

    - Potential Risk in Dreamweaver Remote Database Connectivity -
   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 7 2004 - Macromedia has published a security bulletin, at
http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html,
about a potential risk in Dreamweaver's remote database connectivity.

According to the bulletin, connecting to remote databases in Dreamweaver
(for building dynamic database-driven websites) installs scripts that can
expose DSNs (*) to attackers. As a result, an attacker could use those
scripts to send SQL commands to the server and take control of the database
server.

Macromedia advises users not to define a database connection using the
driver on a testing server accessible to the public. If a connection has
been defined, use Dreamweaver's "Remove Connection Scripts" menu command to
remove the files that allow access to the database, which should also be
password-protected.

Users and programmers are advised to read the document available at
http://www.macromedia.com/go/DMJL_AACE, about the security implications of
remote database connectivity.
 
(*) DSN (Data Source Name): The way in which an ASP application refers to a
database. The DSN contains relevant information on the database, including
its location or how to access it.

NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's
free online scanner: 1)Netsky.P; 2)Netsky.D; 3)Netsky.B; 4)Nachi.B;
5)Downloader.L.
 
------------------------------------------------------------

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 



