Re: JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

["Leif Erik Andersen (at Seven)" <leander () blanet dk>]

Hi Marc

You wrote to bugtraq:
> Quite a while ago I was testing  with applets and found
> this by accident. It is definitely not a big issue, but worth
> to mention, as I discovered that an applet was eating up all the
> free space on the harddrive by allocating a large file in
> the users hidden temp dir (filename is something like
> +~JF57558.tmp ).
>
> Even when leaving the page the applet continues to work due
> to the broken event management between the browser
> and the JVM and after quitting the browser the temp file
> is not deleted.
> Therefore it leaves the machine in a terrible state, with
> no available space left, necessary for automatic security updates.
> And I am just transferring zero bytes but more harmful payload is
> certainly possible.
>
> Java is supposed to work similar on all platforms (write
> once, crash everywhere :-). So please tell me whether
> the following link fills up your hard disk
> (use on your own RISK, of course):
> http://www.illegalaccess.org/exploit/FullDiskApplet.html

The same happened on my Linux Fedora Core 4 workstation with Konqueror 
3.4.2-0.FC4.1 and Java JDK1.5.0_01. It filled the root partitition 
(where /tmp is on my system) with about a 500 mb temp-file in no time. The 
file disappeared while I wrote this report, though, after terminating the 
Konqueror-window.

Regards
-- 
Leif Erik Andersen, leander () blanet dk
BLA*net