
Java Personal Webserver 0.9 Denial of Service


::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::     .ooO Java Personal Webserver 0.9 Denial of Service by wyze1 Ooo.     ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
::                                                                          ::
:: The Java Personal Webserver 0.9 by Clay Lenhart (Available from Tucows)  ::
:: is a freeware webserver written entirely in Java. It features on-screen  ::
:: logging and implements only the GET and HEAD functions. (HTTP 0.9)       ::
::                                                                          ::
:: This bug was tested on a Windows 98 box with JDK 1.1.1 and it worked     ::
:: fine. I was going to test it on another Win98 box with JDK 1.2.1, but    ::
:: the fucking program decided to break - (The author hasn't ported it to   ::
:: Java 1.2 yet). It has not been tested on a Unix box because we refuse to ::
:: run Japan's Secret Weapon, aka. XFree86 on any box we wouldn't want      ::
:: Satan to possess. If someone else wants to test it and tell us what      ::
:: happens, feel free.                                                      ::
::                                                                          ::
:: Okay, so what's the problem? By connecting and typing GET followed by a  ::
:: couple of thousand characters (3000 for every 32mb of RAM on the system  ::
:: sounds about right) the system will become low on memory and the Java    ::
:: Virtual Machine will start whining about stuff like..                    ::
::                                                                          ::
:: java.lang.OutOfMemoryError: <== Type of error that occurs when           ::
::         at ConnectionThread.readCommands(wyze1.java:521) <== Reading GET ::
::         at ConnectionThread.run(wyze1.java:344) <== And Executing GET    ::
::                                                                          ::
:: Right, so the VM has decided the system is low on memory. Thus the VM    ::
:: Garbage Collector will run on a thread with full priority. Okay, a bit   ::
:: of background for non-Java coders is required: Unlike other languages,   ::
:: you don't have to kill objects once you are finished with them, the      ::
:: Garbage Collector does it for you when there are no further references   ::
:: to the object. The GC can be called manually, and will also run          ::
:: automatically when it feels like it, and with full priority if the       ::
:: system is low on memory - like it is now. ;)                             ::
::                                                                          ::
:: So, the Garbage Collector looks around for threads to kill, and alas, it ::
:: can't find any, so it just stops anything more being written to the      ::
:: editable textbox in the centre of the window, regardless of the fact     ::
:: that that's where our logging would be if it still worked. =P            ::
::                                                                          ::
:: Fixing the error should be fairly simple - the only reason I didn't do   ::
:: it myself is because that would require porting the app to Java 1.2 and  ::
:: that is just TOO much work. ;) However, should the app be ported to Java ::
:: 1.2, the bug could be fixed by using JFC/Swing instead of AWT and        ::
:: making the Textbox a Label. Then, the user input should be limited to    ::
:: a certain number of characters, and errors caused by too many chars in   ::
:: the user input should be caught.                                         ::
::                                                                          ::
:: You will find the exploit for this vulnerability in the lame-java-c0de   ::
:: directory of this issue if you want. Have fun!                           ::
::                                                                          ::
::                               --=====--                                  ::
::                    <wyze1> g1bb0r mE s1bb0rs3ckz                         ::
::                        <Eth`Real> Okay. *uNf*                            ::
::                              <wyze1> ta                                  ::
::                               --=====--                                  ::
::                                                                          ::
::--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--::
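
The input limit suggested in the fix paragraph above, sketched as an added example (not code from the Java Personal Webserver or from the advisory's author): the request line is read into a fixed-size buffer and an oversized line is rejected with a caught exception instead of growing until the VM runs out of memory. The class name, method name and the 2048-byte cap are assumptions, and the code targets a modern JDK rather than JDK 1.1.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example: bounded request-line reader. Class, method and limit are
// hypothetical; they are not taken from the Java Personal Webserver source.
public class BoundedRequestLine {
    static final int MAX_REQUEST_LINE = 2048; // assumed cap, tune per deployment

    /** Thrown when a client sends more than the cap before a line terminator. */
    static class RequestTooLongException extends IOException {
        RequestTooLongException(int max) {
            super("request line exceeds " + max + " bytes");
        }
    }

    /** Reads one line (up to LF) and never buffers more than max bytes. */
    static String readRequestLine(InputStream in, int max) throws IOException {
        byte[] buf = new byte[max];   // fixed allocation, independent of client input
        int len = 0;
        int b;
        while ((b = in.read()) != -1 && b != '\n') {
            if (len == max) {
                throw new RequestTooLongException(max); // stop reading; caller closes the socket
            }
            buf[len++] = (byte) b;
        }
        if (len > 0 && buf[len - 1] == '\r') {
            len--;                    // strip the CR of a CRLF terminator
        }
        return new String(buf, 0, len, StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: a normal request and an oversized one.
        byte[] ok = "GET /index.html\r\n".getBytes(StandardCharsets.ISO_8859_1);
        byte[] big = new byte[100_000];
        Arrays.fill(big, (byte) 'A');

        System.out.println(readRequestLine(new ByteArrayInputStream(ok), MAX_REQUEST_LINE));
        try {
            readRequestLine(new ByteArrayInputStream(big), MAX_REQUEST_LINE);
        } catch (RequestTooLongException e) {
            // A server would log this, send an error response and close the connection.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

On a real socket, wrap the stream in a BufferedInputStream so the byte-at-a-time reads stay cheap, and set a read timeout so a client that never sends a line terminator cannot hold the thread open.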

