Re: KPMG-2002033: Resin DOS device path disclosure

From: security-protocolsat_private
Date: Wed Jul 17 2002 - 11:06:56 PDT


    Resin 2.1.0 also appears vulnerable, Mr. Peter Gründl.
    
    // badpack3t.
    
    On Wed, 17 Jul 2002 11:33:59 +0200, Peter Gründl <pgrundlat_private> wrote:
    >--------------------------------------------------------------------
    >
    >Title: Resin DOS device path disclosure
    >
    >BUG-ID: 2002033
    >Released: 17th Jul 2002
    >--------------------------------------------------------------------
    >
    >Problem:
    >========
    >It is possible to disclose the physical path to the webroot. This
    >information could be useful to a malicious user wishing to gain
    >illegal access to resources on the server.
    >
    >
    >Vulnerable:
    >===========
    >- Resin 2.1.1 on Windows 2000 Server
    >- Resin 2.1.2 on Windows 2000 Server
    >
    >
    >Not Vulnerable:
    >===============
    >- Resin 2.1.s020711 on Windows 2000 Server
    >
    >
    >Details:
    >========
    >Requesting certain DOS devices, such as lpt9.xtp, results in an error
    >message that contains the physical path to the web root.
    >
    >500 Servlet Exception
    >java.io.FileNotFoundException: C:\Documents and Settings\Administrator
    >\Desktop\resin-2.1.1\resin-2.1.1\doc\aux.xtp
    >(Access is denied)
    >
    >
    >Vendor URL:
    >===========
    >You can visit the vendor webpage here: http://www.caucho.com
    >
    >
    >Vendor response:
    >================
    >The vendor was notified on the 22nd of May, 2002. On the 12th of
    >July we verified that the problem was corrected in the latest build
    >(s020711).
    >
    >
    >Corrective action:
    >==================
    >Upgrade to a newer version. This issue was first resolved in build
    >s020711, available here: http://www.caucho.com/download/index.xtp
    >
    >
    >Author: Peter Gründl (pgrundlat_private)
    >
    >--------------------------------------------------------------------
    >KPMG is not responsible for the misuse of the information we provide
    >through our security advisories. These advisories are a service to
    >the professional security community. In no event shall KPMG be liable
    >for any consequences whatsoever arising out of or in connection
    >with the use or spread of this information.
    >--------------------------------------------------------------------
    >
    >
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Jul 18 2002 - 09:59:47 PDT
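
A defender-side check for the request pattern described in the advisory, added here as an example (it is not part of the original posts or of Resin): it flags access-log entries whose path names a reserved DOS device and tests whether an error body exposes an absolute Windows path. The log format, the sample lines and body, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Windows reserved device names; a trailing extension (aux.xtp) does not change that.
DOS_DEVICES = {"con", "prn", "aux", "nul"} | {
    f"{prefix}{n}" for prefix in ("com", "lpt") for n in range(1, 10)
}
# Start of an absolute Windows path such as C:\dir\file in a response body.
WIN_PATH = re.compile(r"\b[A-Za-z]:\\[^\s<>\"|?*]")
# Assumed Common Log Format: client ... "METHOD target PROTO" status size
LOG_LINE = re.compile(r'^(\S+) .*?"(?:\S+) (\S+) [^"]*" (\d{3}) ')


def is_dos_device_request(target: str) -> bool:
    """True if any path segment of the request target names a DOS device."""
    path = unquote(urlsplit(target).path).replace("\\", "/")
    for segment in path.split("/"):
        # Compare only the part before the first dot, case-insensitively.
        stem = segment.split(".", 1)[0].rstrip(" ").lower()
        if stem in DOS_DEVICES:
            return True
    return False


def flag_requests(lines):
    """Return (client, target, status) for each device-name request in the log."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_dos_device_request(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


def response_leaks_path(body: str) -> bool:
    """True if an error page body contains an absolute Windows path."""
    return WIN_PATH.search(body) is not None


# Constructed sample data (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2002:11:40:02 +0200] "GET /index.xtp HTTP/1.0" 200 5120',
    '192.0.2.77 - - [17/Jul/2002:11:41:15 +0200] "GET /lpt9.xtp HTTP/1.0" 500 412',
    '192.0.2.77 - - [17/Jul/2002:11:41:16 +0200] "GET /docs/AUX.xtp?x=1 HTTP/1.0" 500 409',
    '192.0.2.12 - - [17/Jul/2002:11:42:30 +0200] "GET /auxiliary/com10.xtp HTTP/1.0" 404 230',
]
SAMPLE_BODY = r"java.io.FileNotFoundException: C:\resin\doc\aux.xtp (Access is denied)"

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("device-name request:", hit)
    print("body leaks path:", response_leaks_path(SAMPLE_BODY))
```

A 500 status on a flagged request is the case worth checking against the response body, since that is where the advisory's exception text appears.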