Bugtraq mailing list archives
Re: open socket in java
From: s.kilvington () ERIS DERA GOV UK (Simon Kilvington)
Date: Fri, 12 Feb 1999 17:13:26 +0000
"Posick, Steve" wrote:
I've written an applet that exploits this flaw. I could NOT get the applet to open a socket to any host other than the host that the applet resides on. I could connect to the applet from any other machine, but the applet was unable to accept the connection using the ServerSocket.accept() method. Therefore to my knowledge this bug can not be used by itself to transfer data to any host other than the HTTP server in which it resides.
Looking at the Java library code... When the ServerSocket is created for 'port' the following is called: System.getSecurityManager().checkListen(port) This is allowed because the applet is allowed to talk to the host it came from. As you say, to actually get any data you need to call: ServerSocket.accept() This is checked by: System.getSecurityManager().checkAccept(host, port) This looks at the port number and the address the connection is coming from. So, as the original applet that the guy posted didn't do an accept() it didn't prove that any host can connect to the socket. -- Simon Kilvington, s.kilvington () eris dera gov uk
Current thread:
- open socket in java nino (Feb 03)
- <Possible follow-ups>
- Re: open socket in java Aviram Jenik (Feb 04)
- Re: open socket in java Hale (Feb 05)
- Re: open socket in java Lincoln Stein (Feb 05)
- Re: open socket in java Tim Wright (Feb 09)
- Re: open socket in java Toby Chamberlain (Feb 04)
- Re: open socket in java Simon Kilvington (Feb 05)
- Re: open socket in java Posick, Steve (Feb 09)
- FW: open socket in java Nin|a405 (Feb 11)
- Re: open socket in java Simon Kilvington (Feb 12)