Sun Java JRE Large Temporary File Creation Vulnerability
SECUNIA ADVISORY ID:
Sun Java SDK 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.4.x
Sun Java JDK 1.5.x
Marc Schoenefeld has discovered a vulnerability in Sun Java JRE (Java
Runtime Environment), which can be exploited by malicious people to
cause a DoS (Denial of Service).
The vulnerability is caused by missing restrictions on temporary
file creation. This can be exploited by a malicious applet to create
large files in the temporary folder via e.g. the "Font.createFont()"
Successful exploitation causes a vulnerable system to run out of disk
The vulnerability has been confirmed in JDK 5.0 Update 6 and has also
been reported in SDK 1.4.2_11 on the Microsoft Windows platform.
If the system runs out of disk space after an attack, remove the files
created by malicious applets from the temporary folder "%temp%".
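The cleanup described above can be scripted. This is an added example, not part of the advisory or of any Sun code. It lists oversized font temp files in the temporary folder and deletes them only when asked. The `+~JF*.tmp` name pattern and the 100 MiB threshold are assumptions, not values stated in the advisory; adjust both to what is actually found on the affected system.

```python
import fnmatch
import os
import tempfile

# Assumption: font temp files written by the JRE are named like "+~JF<digits>.tmp".
JRE_FONT_TMP_GLOB = "+~JF*.tmp"


def find_large_temp_files(temp_dir, min_bytes, name_glob=JRE_FONT_TMP_GLOB):
    """Return [(path, size)] for regular files in temp_dir matching name_glob
    whose size is at least min_bytes, largest first."""
    hits = []
    with os.scandir(temp_dir) as entries:
        for entry in entries:
            if not fnmatch.fnmatch(entry.name, name_glob):
                continue
            try:
                # follow_symlinks=False: never size or delete a link target
                if not entry.is_file(follow_symlinks=False):
                    continue
                size = entry.stat(follow_symlinks=False).st_size
            except OSError:
                continue  # file vanished or is locked by a running JVM
            if size >= min_bytes:
                hits.append((entry.path, size))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def remove_files(hits, dry_run=True):
    """Delete the listed files; return bytes freed (or that would be freed)."""
    freed = 0
    for path, size in hits:
        if not dry_run:
            try:
                os.remove(path)
            except OSError:
                continue  # still open in a JVM; retry after the browser/JVM exits
        freed += size
    return freed


if __name__ == "__main__":
    tmp = tempfile.gettempdir()  # resolves %TEMP% on Windows
    found = find_large_temp_files(tmp, min_bytes=100 * 1024 * 1024)
    for path, size in found:
        print(f"{size / 2**20:10.1f} MiB  {path}")
    print("reclaimable bytes:", remove_files(found, dry_run=True))
```

Run as written it only reports; call `remove_files(found, dry_run=False)` after reviewing the list and closing any browser or JVM that may still hold the files open.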
PROVIDED AND/OR DISCOVERED BY: