Re: [VulnWatch] The Java applet sandbox and stateful firewalls

Is the Java Sandbox able to create outgoing connections on ports like 445?

Also, even if it is possible, if a service like MS-SQL is already binded 
to 1433, then wouldn't an error be thrown saying something like 'Port 
already in use'.

That said, this is a very interesting concept, and a real vulnerability 
in any 'stateful protected system' if one is able to create TCP (or UDP) 
packets with explicit return ports (I will try to replicate this in .NET 
and will post here my results)

Dinis Cruz
.Net Security Consultant

Florian Weimer wrote:

>The Java/Firewall vulnerability
>===============================
>
>Current version: <http://www.enyo.de/fw/security/java-firewall/>
>
>The Java sandbox for applets and stateful firewalls interact in a
>surprising way. As a result, external hosts can initiate TCP
>connections to supposedly protected network services.
>
>* Attack Requirements
>
>This is a passive attack. The attacker must lure the victim to a
>carefully crafted web page. The victim's web browser must download and
>execute the embedded Java applet. The victim's computer must offer