According to Entercept, when we try to start CFMX 7 there's a buffer overflow. Entercept stops CFMX from starting, saying this is a hack attempt.
We aren't having this issue on another seemingly identical machine. Anybody have an ideas on this? thanks, Chris Norloff CFMX 7.0.1 (with CHF1, on Solaris 9, Apache) running as userid=cfmxuser, which is what it was installed to run as. Event Description An attempt to invoke system call [value not available] through a buffer overflow in cfmx7 (/opt/coldfusionmx7/runtime/bin/cfmx7) running with the privileges of user cfmxuser on the system with Agent [machinename]was detected. This attack utilizes the return-to-libc technique. This operation was successful. It would have been prevented if the Agent IPS module were set to Protect Mode. General Signature Description: This event indicates that an unspecified buffer overflow attack was attempted against a component of the operating system or an application using the "return-to-libc" technique. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:230618 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
