Debbie
Thanks for the quick. You are probably right. I just checked the
Studio versions of a couple of our developers and it seems that after
installing Windows 2000 from scratch and re-installing CF Studio 4.5,
the additional updates hadn't been applied.
I apologize to the list for my erroneous thoughts regarding the
connection between my problem and recent security patch.
Jackson Moore
[EMAIL PROTECTED]
On Thu, 12 Jul 2001 08:51:07 -0400, Debbie Dickerson wrote:
>Michael,
>
>Your issue sounds more like a known bug with Studio. It was related
>to
>version Studio 4.5.0, and a hotfix was created for it. The fix is in
>the
>knowledge base at
>http://www.allaire.com/Handlers/index.cfm?ID=13852&Method=Full
>
>Debbie
>Macromedia
>
>-----Original Message-----
>From: Jackson Moore [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 8:40 AM
>To: CF-Talk
>Subject: Re: Important ColdFusion Security Patch Released Today
>
>
>Michael
>
>I don't know if it is related, but I (and a few other developers I
>know) have had the "0 byte file" issue hit us. Here was the
>scenario:
>
>Edit a .cfm file in CF Studio. Save file in CF Studio. Refresh
>browser to verify updates. Very, very seldom, we get an error from
>the CF Server that it can not read files that are 0 bytes in size.
>If I go back to studio, the file is still there. However, if I
>close
>the file (won't get prompted to save since it was already saved),
>the
>file is lost and I have to restore from a backup.
>
>You can imagine that the first time this showed up, everyone thought
>I was crazy and told me I had just accidentally overwritten the file
>myself with an empty file. These guys let me hear about it for
>weeks!
>
> Then a few weeks later it happened again. At first we blamed it on
>studio, then we blamed it on the network. Then it happened to
>another developer. You can imagine my relief (vindicated!) when I
>wasn't the only one who had been bit by this.
>
>Without more details from MM, I can't know for sure if this is the
>same issue addressed by their recent patch, but if it is, that means
>that CF Server was overwriting the file with a 0 byte file after I
>had successfully saved it from studio.
>
>Any thoughts?
>
>Jackson Moore
>[EMAIL PROTECTED]
>
>On Wed, 11 Jul 2001 15:35:45 -0400, Michael Dinowitz wrote:
>>Without going into details on my investigations yet, does anyone
>>know of
>>anyone being attacked by this hole? Has anyone found their
documents
>>either
>>deleted or replaced with a 0 byte file? If so, please contact me. I
>>think I
>>know what the hole is and just need some extra 'leg work'.
>>
>>
>>>
>>> From: "Howie Hamlin" <[EMAIL PROTECTED]>
>>>
>>> >> 2) the nature of the security problem - obviously MM is going
>>>for
>>> >> security-thru-obscurity and is not going to describe the exact
>>>problem,
>>but
>>> >> some clue as to the possible effects, how to tell if the
>>>weakness has
>>been
>>> >> taken advantage of, etc would be helpful
>>> >>
>>> >
>>> >No idea...in a way it's better that they don't point out the
>>vulnerability.
>>>
>>> And in a way it is far worse - since while we are 'closing the
>>>door' on
>>> a bug, without more details, how can we tell if someone has taken
>>advantage
>>> of that open door on our system?
>>> --
>>> Never apply a Star Trek solution to a Babylon 5 problem.
>>> Larry W. Virden <mailto:[EMAIL PROTECTED]> <URL:
>>http://www.purl.org/NET/lvirden/>
>>> Even if explicitly stated to the contrary, nothing in this
posting
>>>should
>>> be construed as representing my employer's opinions.
>>> -><-
>>>
>>>
>>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
