ColdFusion Talk (CF-Talk)
cold fusion 5 0 cfrethrow exploit
Author: Jeff Palmer
Date: 08/02/01 06:43 P
> The root cause of the CFRETHROW exception is actually a Linux EGCS
> 1.1.2 C++ compiler object-code generation bug. This compiler is used to
> build ColdFusion 4.5 and 5.0, and the bug is related to C++ exception
> throwing and handling object code generation. This bug causes the internal
> exception used to support the CFML CFRETHROW tag to exit the application
> process, aborting the ColdFusion Server.

There are many C/C++ compilers out there for the Linux (Unix) environment. Is it possible that recompiling the source code with a different compiler would fix this vulnerability? Also, have you attempted to work with the EGCS team to fix this 'bug'?

Further, I would like to make one single comment about ColdFusion. You claim it's ColdFusion for Linux, when in reality it's more "ColdFusion for RedHat". I have tried installing the ColdFusion server on various other flavors of Linux, and none worked (granted, I last tried with a ColdFusion beta, but I doubt much has changed).

My comment is this: C/C++ is probably the most portable language in the world. With a little (probably VERY little) effort on Allaire's part, we could have a ColdFusion for *ix, which would be able to run on most flavors of Unix (RedHat, Slackware, Debian, Mandrake and other Linux distros) as WELL as BSD (OpenBSD, FreeBSD, NetBSD, BSDi). If your marketing team did its research, you'd probably see your sales would increase enough to make the code changes for cross-platform binaries very profitable.

Anyway.. the whole point to this email was lost.. Get with the EGCS developers and give them what you know about the bug.. maybe they can fix it.. Also, try recompiling the codebase under another compiler and see if CFRETHROW is still vulnerable.

Regards,
Jeff Palmer
scorpio@drkshdw.org