Hi Marc

You wrote to bugtraq:

> Quite a while ago I was testing with applets and found
> this by accident. It is definitely not a big issue, but worth
> mentioning, as I discovered that an applet was eating up all the
> free space on the hard drive by allocating a large file in
> the user's hidden temp dir (filename is something like
> +~JF57558.tmp ).
>
> Even when leaving the page the applet continues to work due
> to the broken event management between the browser
> and the JVM and after quitting the browser the temp file
> is not deleted.
> Therefore it leaves the machine in a terrible state, with
> no available space left, necessary for automatic security updates.
> And I am just transferring zero bytes but more harmful payload is
> certainly possible.
>
> Java is supposed to work similarly on all platforms (write
> once, crash everywhere :-). So please tell me whether
> the following link fills up your hard disk
> (use on your own RISK, of course):
> http://www.illegalaccess.org/exploit/FullDiskApplet.html

The same happened on my Linux Fedora Core 4 workstation with Konqueror 3.4.2-0.FC4.1 and Java JDK1.5.0_01. It filled the root partition (where /tmp is on my system) with about a 500 mb temp-file in no time.

The file disappeared while I wrote this report, though, after terminating the Konqueror-window.

Regards
--
Leif Erik Andersen, leander@xxxxxxxxx
BLA*net