Tally wrote:

> However, the applets always run in the JVM and
> cannot access system resources. Hence, if this
> is the case, then where is the hostile part in such
> applets?

Another vulnerability with Java applets that I had heard of (but never
seen a discussion of here) is in the situation of a downloaded Java
applet taking advantage of stateful filtering firewalls to perform port
scanning, vulnerability assessment, and active intrusion of the client
host running the browser.

Since a Java applet is capable of making any connections back to the
server that it was sent from, it can probably connect through the
firewall to a rogue service running on the server's FTP port. If a
stateful filtering firewall sees the 'PORT command' in the applet's TCP
stream, it may in turn grant permission for the rogue service to
establish the reverse connection to the client's port. The process on the
server can then check for any vulnerabilities associated with the
client's service running on that port and try to gain entry into that
system. The Java applet merely sends requests through the firewall to
open each port one at a time until each port has been probed for all
known vulnerabilities; the user is none the wiser.

I have since lost the URL for the paper that described this situation
and have never seen a discussion on which stateful filtering firewalls
may be vulnerable to this. Can anybody expand on this or comment?

-- 
Steve Coleman     <[EMAIL PROTECTED]>   http://www.jhuapl.edu/
 High Performance, fault tolerant, distributed, real-time computing 
 <<-------->> Johns Hopkins Applied Physics Laboratory <<--------->>
Balt:443-778-6330 Fax:443-778-5597 Wash:240-228-6330 Fax:240-228-5597
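The check a stateful firewall can apply to PORT commands, as an added example that is not part of the original post or of any firewall product: it parses the RFC 959 `PORT h1,h2,h3,h4,p1,p2` form, refuses to open a pinhole unless the requested address is the client that owns the control connection and the port is unprivileged, and then runs a per-session heuristic over constructed control-channel log lines that flags the "one port at a time" pattern described above. The log format (`<client_ip> <session> <command>`), the session labels and the threshold of three distinct data ports are assumptions made for this example.

```python
"""Added example (not from the original post): FTP PORT-command policy and
session heuristic of the kind a stateful firewall or IDS can apply.
The log format and thresholds below are constructed for this example."""
import re
from collections import defaultdict

# PORT h1,h2,h3,h4,p1,p2 (RFC 959: four address octets, two port octets)
_PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.I)


def parse_port_command(line):
    """Return (ip, port) for a well-formed PORT command, else None."""
    m = _PORT_RE.match(line.strip())
    if m is None:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]


def port_command_allowed(line, client_ip, min_port=1024):
    """Policy applied before opening a pinhole for the data connection:
    the address must be the client that owns the control connection, and
    the port must be unprivileged (the RFC 2577 recommendation).
    Returns (allowed, reason)."""
    parsed = parse_port_command(line)
    if parsed is None:
        return False, "malformed PORT command, no pinhole"
    ip, port = parsed
    if ip != client_ip:
        return False, f"PORT address {ip} is not the control client {client_ip}"
    if port < min_port:
        return False, f"PORT targets reserved port {port}"
    return True, f"pinhole to {ip}:{port} permitted"


# Constructed control-channel log: "<client_ip> <session> <command>"
SAMPLE_LOG = """\
10.0.0.5 s1 USER anonymous
10.0.0.5 s1 PORT 10,0,0,5,4,1
10.0.0.5 s1 RETR README
10.0.0.7 s2 PORT 10,0,0,7,0,22
10.0.0.7 s2 PORT 10,0,0,7,0,25
10.0.0.7 s2 PORT 10,0,0,7,0,80
10.0.0.7 s2 PORT 10,0,0,7,0,139
10.0.0.7 s2 PORT 10,0,0,7,31,144
10.0.0.9 s3 PORT 10,0,0,8,4,2
"""


def analyse_sessions(log_text, max_distinct_ports=3):
    """Group PORT commands per control session and report:
    - requests blocked by the policy above (reserved port, foreign address),
    - the number of distinct data ports requested, and
    - a scan_like flag when that number exceeds max_distinct_ports; a normal
      client issues one PORT per transfer on an ephemeral port, so many
      distinct ports in one session is the pattern worth alerting on.
    Returns {session: {"blocked": [...], "distinct_ports": n, "scan_like": bool}}."""
    sessions = defaultdict(lambda: {"blocked": [], "ports": set()})
    for raw in log_text.splitlines():
        parts = raw.split(" ", 2)
        if len(parts) != 3 or not parts[2].upper().startswith("PORT"):
            continue
        client_ip, session, cmd = parts
        allowed, reason = port_command_allowed(cmd, client_ip)
        parsed = parse_port_command(cmd)
        if parsed:
            sessions[session]["ports"].add(parsed[1])
        if not allowed:
            sessions[session]["blocked"].append(reason)
    return {
        session: {
            "blocked": s["blocked"],
            "distinct_ports": len(s["ports"]),
            "scan_like": len(s["ports"]) > max_distinct_ports,
        }
        for session, s in sessions.items()
    }


if __name__ == "__main__":
    for session, verdict in analyse_sessions(SAMPLE_LOG).items():
        print(session, verdict)
```

On the sample log, session s1 is a normal transfer (one PORT to 1025), s2 has four reserved-port requests blocked and five distinct ports, so it is flagged as scan-like, and s3 is blocked because the PORT address differs from the control-connection client. The address check alone does not stop a client-side applet, which can name its own host, which is why the port floor and the per-session distinct-port count matter as well.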