|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 909 CVE : CVE-2006-2426 SecurityRisk : Medium  (About) Remote Exploit : No Local Exploit : Yes Exploit Given : No Credit : Marc Schoenefeld Published : 19.05.2006
Advisory Text : Hi y'all, Quite a while ago I was testing with applets and found this by accident. It is definitely not a big issue, but worth to mention, as I discovered that an applet was eating up all the free space on the harddrive by allocating a large file in the users hidden temp dir (filename is something like +~JF57558.tmp ). Even when leaving the page the applet continues to work due to the broken event management between the browser and the JVM and after quitting the browser the temp file is not deleted. Therefore it leaves the machine in a terrible state, with no available space left, necessary for automatic security updates. And I am just transferring zero bytes but more harmful payload is certainly possible. Java is supposed to work similar on all platforms (write once, crash everywhere :-). So please tell me whether the following link fills up your hard disk (use on your own RISK, of course): http://www.illegalaccess.org/exploit/FullDiskApplet.html I tested with Firefox 1.5.0.3 and JDK 1.4.2_11 on a WinXP box and on another XP machine with IE6 , JDK 1.5.0_06. But I doubt that Sun will ever fix the bug, as they know the issue since 2004. Cheers Marc  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |