SecurityReason - JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

Register | Forget Password | Login

	SecurityReason
News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

	WLB
WLB Database

Send to WLB

About WLB

	RSS
News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

	Corporate
Contact

About us

	Services
SecurePHP


	Note
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive : exploit()securityreason()com

Details : SecurityAlert

Topic :

JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

SecurityAlert : 909

CVE : CVE-2006-2426

SecurityRisk : Medium alert

alert

(About)

Remote Exploit : No

Local Exploit : Yes

Exploit Given : No

Credit : Marc Schoenefeld

Published : 19.05.2006

Affected Software :

JDK 1.4.2_11, 1.5.0_06

Advisory Text :

Hi y'all,

Quite a while ago I was testing with applets and found
this by accident. It is definitely not a big issue, but worth
to mention, as I discovered that an applet was eating up all the
free space on the harddrive by allocating a large file in
the users hidden temp dir (filename is something like
+~JF57558.tmp ).

Even when leaving the page the applet continues to work due
to the broken event management between the browser
and the JVM and after quitting the browser the temp file
is not deleted.
Therefore it leaves the machine in a terrible state, with
no available space left, necessary for automatic security updates.
And I am just transferring zero bytes but more harmful payload is
certainly possible.

Java is supposed to work similar on all platforms (write
once, crash everywhere :-). So please tell me whether
the following link fills up your hard disk
(use on your own RISK, of course):
http://www.illegalaccess.org/exploit/FullDiskApplet.html

I tested with Firefox 1.5.0.3 and JDK 1.4.2_11 on a WinXP
box and on another XP machine with IE6 , JDK 1.5.0_06.

But I doubt that Sun will ever fix the bug, as they know the issue
since 2004.

Cheers
Marc

Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.

	Alert
Microsoft VISTA TCP/IP stack buffer overflow - 2008-11-27 Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory.


	Apache
» Apache Tomcat information disclosure

» Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

» Apache Tomcat information disclosure vulnerability

» Apache Tomcat XSS vulnerability



	PHP
» PHP 5.2.6 SAPI php_getuid() overload

» PHP ZipArchive::extractTo() Directory Traversal Vulnerability

» PHP 5.2.6 dba_replace() destroying file

» PHP 5.2.6 (error_log) safe_mode bypass

Copyright © SecurityReason. All Rights Reserved.