Bugtraq mailing list archives

Unsecured server in applets under Netscape


From: grail () CAFEBABE ORG (Giao Nguyen)
Date: Tue, 2 Feb 1999 13:42:32 -0800


Just for kicks, I wrote a sample applet that listened on a socket. I
discovered that when the applet was loaded under Netscape (as tested
with version 4.5), any host could then connect to the machine running
this applet. I won't bore anyone with the code because it's so trivial
that a novice to Java should be able to write it with ease after
reading some documentation.

According to Java in a Nutshell, 2nd edition, p. 139:

* Untrusted code cannot perform networking operations, except in
certain restricted ways.  Untrusted code cannot:
  [...]
  - Accept network connections on ports less than or equal to 1024 or
    from any host other than the one from which the code itself was
    loaded.

While the port number restriction is held by the VM, the point of
origin restriction is not held at all.

I don't feel qualified to comment on the full implication of this but
I'm sure more inventive minds can arrive at more interesting uses of
this feature.

The workaround is rather simple. Disable the Java runtime in the Netscape
browser.

As hinted above, Internet Explorer's Java runtime does not exhibit
this behaviour.

I have contacted Netscape (via some truly useful web pages) but I've
not received any responses to the following information. I hope it's
useful to someone out there.

Giao Nguyen
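
The two accept-side rules quoted above from Java in a Nutshell, written out as explicit checks. This is an added example, not code from the original post and not Netscape's or Sun's implementation; the class name OriginAcceptPolicy, its methods, and the documentation-range addresses are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Arrays;

/** Hypothetical helper: the two accept-side checks from the quoted sandbox rule. */
public class OriginAcceptPolicy {
    private final InetAddress[] origin; // addresses of the host the code was loaded from

    OriginAcceptPolicy(String codebaseHost) throws UnknownHostException {
        origin = InetAddress.getAllByName(codebaseHost);
    }

    /** Port rule: the check the post reports as enforced. */
    void checkListen(int port) {
        if (port <= 1024) throw new SecurityException("listen denied on port " + port);
    }

    /** Origin rule: the check the post reports as not enforced. */
    void checkAccept(InetAddress peer) {
        if (!Arrays.asList(origin).contains(peer))
            throw new SecurityException("accept denied from " + peer.getHostAddress());
    }

    /** Accept one connection; a peer failing the origin rule is closed before untrusted code sees it. */
    Socket accept(ServerSocket server) throws IOException {
        checkListen(server.getLocalPort());
        Socket s = server.accept();
        try { checkAccept(s.getInetAddress()); return s; }
        catch (SecurityException e) { s.close(); throw e; }
    }

    static boolean allowed(Runnable check) {
        try { check.run(); return true; } catch (SecurityException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // Constructed addresses from documentation ranges; IP literals need no DNS lookup.
        OriginAcceptPolicy p = new OriginAcceptPolicy("192.0.2.10");
        InetAddress originPeer = InetAddress.getByName("192.0.2.10");
        InetAddress otherPeer = InetAddress.getByName("198.51.100.7");
        System.out.println("listen 8080:   " + allowed(() -> p.checkListen(8080)));
        System.out.println("listen 80:     " + allowed(() -> p.checkListen(80)));
        System.out.println("accept origin: " + allowed(() -> p.checkAccept(originPeer)));
        System.out.println("accept other:  " + allowed(() -> p.checkAccept(otherPeer)));
    }
}
```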


