Bugtraq mailing list archives

Re: open socket in java

From: s.kilvington () ERIS DERA GOV UK (Simon Kilvington)
Date: Fri, 12 Feb 1999 17:13:26 +0000


"Posick, Steve" wrote:


I've written an applet that exploits this flaw.  I could NOT get the
applet to open a socket to any host other
than the host that the applet resides on.  I could connect to the
applet from any other machine, but the applet
was unable to accept the connection using the ServerSocket.accept()
method.  Therefore to my knowledge
this bug can not be used by itself to transfer data to any host other
than the HTTP server in which it resides.


Looking at the Java library code...

When the ServerSocket is created for 'port' the following is called:

System.getSecurityManager().checkListen(port)

This is allowed because the applet is allowed to talk to the host it
came from.

As you say, to actually get any data you need to call:

ServerSocket.accept()

This is checked by:

System.getSecurityManager().checkAccept(host, port)

This looks at the port number and the address the connection is coming
from.

So, as the original applet that the guy posted didn't do an accept()
it didn't prove that any host can connect to the socket.

--
Simon Kilvington, s.kilvington () eris dera gov uk

Current thread:

open socket in java nino (Feb 03)
- <Possible follow-ups>
- Re: open socket in java Aviram Jenik (Feb 04)
  - Re: open socket in java Hale (Feb 05)
  - Re: open socket in java Lincoln Stein (Feb 05)
    - Re: open socket in java Tim Wright (Feb 09)
- Re: open socket in java Toby Chamberlain (Feb 04)
- Re: open socket in java Simon Kilvington (Feb 05)
- Re: open socket in java Posick, Steve (Feb 09)
- FW: open socket in java Nin|a405 (Feb 11)
- Re: open socket in java Simon Kilvington (Feb 12)