Bugtraq mailing list archives
Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space
From: "Leif Erik Andersen (at Seven)" <leander () blanet dk>
Date: Mon, 15 May 2006 19:55:08 +0200
Hi Marc You wrote to bugtraq:
Quite a while ago I was testing with applets and found this by accident. It is definitely not a big issue, but worth to mention, as I discovered that an applet was eating up all the free space on the harddrive by allocating a large file in the users hidden temp dir (filename is something like +~JF57558.tmp ). Even when leaving the page the applet continues to work due to the broken event management between the browser and the JVM and after quitting the browser the temp file is not deleted. Therefore it leaves the machine in a terrible state, with no available space left, necessary for automatic security updates. And I am just transferring zero bytes but more harmful payload is certainly possible. Java is supposed to work similar on all platforms (write once, crash everywhere :-). So please tell me whether the following link fills up your hard disk (use on your own RISK, of course): http://www.illegalaccess.org/exploit/FullDiskApplet.html
The same happened on my Linux Fedora Core 4 workstation with Konqueror 3.4.2-0.FC4.1 and Java JDK1.5.0_01. It filled the root partitition (where /tmp is on my system) with about a 500 mb temp-file in no time. The file disappeared while I wrote this report, though, after terminating the Konqueror-window. Regards -- Leif Erik Andersen, leander () blanet dk BLA*net
Current thread:
- JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space Marc Schoenefeld (May 15)
- Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space William Starling (May 18)
- Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space Leif Erik Andersen (at Seven) (May 18)