COMMAND

    Resin default install vulnerabilities

SYSTEMS AFFECTED

    Resin 2.1.2 standalone on Windows 2000 Server

PROBLEM

    Peter Gründl [pgrundl@kpmg.dk] of KPMG Danmark said :

    1. Arbitrary File Reading
    =========================

    In a default installation of Resin server, the examples folder will
    be installed as well. The sample script view_source.jsp tries to
    chroot to the folder where it is located. If you look at the source
    code, it says:

        "// Chroot to the current directory so no one can use this as a p
        // security hold"

    Attempts to use /../ to break out of the examples folder are also
    foiled by the script. However, if you replace the /../ with \..\ you
    can access any file on the drive that Resin has access to.

    2. Denial of Service
    ====================

    By defining large variables when accessing non-existent resources,
    it is possible to consume the entire workspace on the server. This
    will result in hanging parts of, or the entire, web server.

SOLUTION

    Remove the examples folder from your website. Upgrade to version
    2.1.2 available from:

    http://www.caucho.com/download/
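The traversal check in item 1 fails because Windows treats both "/" and "\" as path separators, so a filter that only looks for the forward-slash sequence lets "\..\" through. The added example below is not from the advisory or from Resin: it contrasts a substring filter of that kind with a check that canonicalises the requested path and verifies it still lies under the examples directory. The directory C:\resin\examples and the requested file names are constructed; Python's ntpath module supplies Windows path semantics on any host, so the comparison runs identically on Linux.

```python
import ntpath
from typing import Optional

# Constructed example: the directory the sample script serves files from on a
# Windows host (not Resin's real layout).
BASE_DIR = r"C:\resin\examples"


def naive_is_safe(requested: str) -> bool:
    """The kind of check the advisory describes: it refuses only requests
    that contain the forward-slash traversal sequence."""
    return "/../" not in requested


def naive_resolve(requested: str) -> str:
    """The path the server would actually open once naive_is_safe() passes.
    ntpath applies Windows rules (both '/' and '\\' are separators, and
    '..' is collapsed) regardless of the OS this script runs on."""
    return ntpath.normpath(ntpath.join(BASE_DIR, requested))


def hardened_resolve(requested: str) -> Optional[str]:
    """Canonicalise first, then compare against the base directory.

    Returns the resolved path when it stays inside BASE_DIR, otherwise None.
    Handles '/..', '\\..', rooted paths ('\\winnt\\...') and drive-qualified
    paths ('C:\\...'), because all of them are normalised before the check.
    """
    base = ntpath.normpath(BASE_DIR).lower()
    resolved = ntpath.normpath(ntpath.join(BASE_DIR, requested))
    # Windows paths are case-insensitive; require the trailing separator so a
    # sibling such as C:\resin\examples2 does not pass as a prefix match.
    if not resolved.lower().startswith(base + ntpath.sep):
        return None
    return resolved


if __name__ == "__main__":
    for req in ("/../../winnt/win.ini", "\\..\\..\\winnt\\win.ini", "hello.jsp"):
        print(f"{req!r:32} naive_ok={naive_is_safe(req)!s:5} "
              f"opens={naive_resolve(req)!r:28} hardened={hardened_resolve(req)!r}")
```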