[9381] in bugtraq

Re: open socket in java

daemon@ATHENA.MIT.EDU (Hale)
Fri Feb 5 13:10:29 1999

Date: 	Fri, 5 Feb 1999 08:18:39 -0500
Reply-To: Hale <admin@DEVIANCE.ORG>
From: Hale <admin@DEVIANCE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <36BA0E14.52996BE3@jenik.com>

Whether or not that could cause any problems is related to the level of
security that is imposed on java applets. Say you open a listening port
on 139 or 23. If that socket lays over the existing one, it could
possibly take traffic from it, and relay it to a remote host. You can do
this with netcat, so I would think java applets would be subject to the
same security.

Pavel

At 11:16 PM 2/4/99 +0200, Aviram Jenik wrote:
>nino wrote:
>
>> The implications are obvious. If any host can connect to the machine
>> running the applet, you could tell java to do things like the boserver.
>> If you have a completely open socket, it's rock n' roll !
>>
>
>No, it's not.
>
>Yes, you can connect to the open socket, but the applet can't do any I/O, so
>it's basically harmless (just like any other applet).
>
>The fact that the applet accepts outside connections is nothing on its own
>(besides a bad feeling it makes anybody that knows something about
>security...). The only possible security implication is performing some DoS
>on that socket or combining this with another exploit.
>You definitely can't write a boserver in Java.
