Bugtraq mailing list archives
Re: open socket in java
From: admin () DEVIANCE ORG (Hale)
Date: Fri, 5 Feb 1999 08:18:39 -0500
Wether or not that could cause any problems is realted to the level of security that is imposed on java applets. Say you open a listening port on 139 or 23. If that sockets lays over the existing one, it could possible take traffic from it, and relay it to a remote host. You can do this with netcat, so I would think java applets would be subject to the same security.. Pavel At 11:16 PM 2/4/99 +0200, Aviram Jenik wrote:
nino wrote:The implications are obvious. If any host can connect to the machine running the aplet, you could tell java to do things like the boserver. If you have a completely open socket, its rock n' roll !No, it's not. Yes, you can connect to the open socket, but the applet can't do any I/O, so it's basically harmless (just like any other applet). The fact that the applet accepts outside connections is nothing by its own (besides a bad feeling it makes anybody that knows something about security...). The only possible security implication is performing some DoS on that socket or combining this with another exploits You definitely can't write a boserver in Java.
Current thread:
- open socket in java nino (Feb 03)
- <Possible follow-ups>
- Re: open socket in java Aviram Jenik (Feb 04)
- Re: open socket in java Hale (Feb 05)
- Re: open socket in java Lincoln Stein (Feb 05)
- Re: open socket in java Tim Wright (Feb 09)
- Re: open socket in java Toby Chamberlain (Feb 04)
- Re: open socket in java Simon Kilvington (Feb 05)
- Re: open socket in java Posick, Steve (Feb 09)
- FW: open socket in java Nin|a405 (Feb 11)
- Re: open socket in java Simon Kilvington (Feb 12)