Re: Java and buffer overflows

From: Felix Harris (felixat_private)
Date: Mon Jun 24 2002 - 10:43:01 PDT

Next message: Rafael Anschau: "Re: Java and buffer overflows"

Previous message: Dean Shih: "Re: [BUGTRAQ] : ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS"
In reply to: cyber_riderat_private: "Java and buffer overflows"
Next in thread: KF: "Re: Java and buffer overflows"
Next in thread: Rafael Anschau: "Re: Java and buffer overflows"
Reply: KF: "Re: Java and buffer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I was wondering if code written in JAVA(or .NET) is vulnerable to buffer overflows.
> If yes,what are the differences in the proccess of exploiting?
> Any online source?


well afaik one of the main reasons for creating Java was to make it 
a safe language, as there is no complications between pointers 
and buffers. Buffers are also lengthchecked, and pointers dont 
really have the required scope to be exploited. If there was an 
exploit for a java program, it would probably exist as a bug in the 
virtual machine, or in a call to a c/c++ program/library. IIRC, there 
was something about zlib being exploitable?
--
Felix Harris
felixat_private
I say goodbye and raindrops taste like tears
In the pouring rain I stand and die alone

Next message: Rafael Anschau: "Re: Java and buffer overflows"
Previous message: Dean Shih: "Re: [BUGTRAQ] : ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS"
In reply to: cyber_riderat_private: "Java and buffer overflows"
Next in thread: KF: "Re: Java and buffer overflows"
Next in thread: Rafael Anschau: "Re: Java and buffer overflows"
Reply: KF: "Re: Java and buffer overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 08:09:03 PDT