Sun Java JRE Large Temporary File Creation Vulnerability

Secunia ID	SA20132
CVE-ID	CVE-2006-2426
Release Date	16 May 2006
Last Change	27 Mar 2009
Criticality	Not Critical
Solution Status	Vendor Patch
Software	Sun Java JDK 1.5.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java SDK 1.4.x
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Description	Marc Schoenefeld has discovered a vulnerability in Sun Java JRE (Java Runtime Environment), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to missing restrictions on temporary file creation. This can be exploited by a malicious applet to create large files in the temporary folder via e.g. the "Font.createFont()" method. Successful exploitation causes a vulnerable system to run out of disk space. The vulnerability has been confirmed in JDK 5.0 Update 6 and has also been reported in SDK 1.4.2_11 on the Microsoft Windows platform.
Solution	Reportedly fixed in JDK and JRE 5.0 Update 18, SDK and JRE 1.4.2_20, and 1.3.1_25 (for customers with Solaris 8 and Vintage Support Offering support contracts).
Reported by	Marc Schoenefeld
Original Advisory	Sun: http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1