JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

2006.05.19
Credit: Marc Schoenefeld
Risk: Medium
Local: Yes
Remote: No
CVE: CVE-2006-2426
CWE: CWE-Other


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

Hi y'all, Quite a while ago I was testing with applets and found this by accident. It is definitely not a big issue, but worth to mention, as I discovered that an applet was eating up all the free space on the harddrive by allocating a large file in the users hidden temp dir (filename is something like +~JF57558.tmp ). Even when leaving the page the applet continues to work due to the broken event management between the browser and the JVM and after quitting the browser the temp file is not deleted. Therefore it leaves the machine in a terrible state, with no available space left, necessary for automatic security updates. And I am just transferring zero bytes but more harmful payload is certainly possible. Java is supposed to work similar on all platforms (write once, crash everywhere :-). So please tell me whether the following link fills up your hard disk (use on your own RISK, of course): http://www.illegalaccess.org/exploit/FullDiskApplet.html I tested with Firefox 1.5.0.3 and JDK 1.4.2_11 on a WinXP box and on another XP machine with IE6 , JDK 1.5.0_06. But I doubt that Sun will ever fix the bug, as they know the issue since 2004. Cheers Marc


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top