By Java's design, code execution is not possible by overflowing a buffer. However, the program probably doesn't catch IndexOutOfBoundsExceptions, so it will most likely result in a denial of service.

I audited many Java HTTP and FTP servers in the past (in the span of two weeks' time--hey, I was on a roll...), and a lot of them were affected by directory traversal vulnerabilities, which have nothing to do with buffer overflows.

Hope this helps.

- Joe Testa

GPG key: http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
A22B 2683 C40E 5443 AE52 AD6D 65B2 F5DF 4B11 06B4
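
The following is an added example, not part of the original message and not code from any server the author audited. It shows a per-request handler in which an oversized request raises a bounds exception that is contained, and a request path is checked against the document root. The class name, DOC_ROOT, MAX_PATH and the sample requests are constructed assumptions; Java 11 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class RequestGuard {
    // Constructed document root and buffer size, for illustration only.
    static final Path DOC_ROOT = Paths.get("/srv/www").toAbsolutePath().normalize();
    static final int MAX_PATH = 64;

    // Copy into a fixed buffer. The JVM bounds-checks every store, so an oversized
    // request raises ArrayIndexOutOfBoundsException instead of overwriting memory.
    static String readPath(byte[] raw) {
        byte[] buf = new byte[MAX_PATH];
        for (int i = 0; i < raw.length; i++) buf[i] = raw[i];
        return new String(buf, 0, raw.length, StandardCharsets.UTF_8);
    }

    // Returns the file to serve, or null when the path leaves DOC_ROOT.
    // Any URL decoding must already have been applied to requestPath.
    static Path resolve(String requestPath) {
        String rel = requestPath.replace('\\', '/').replaceFirst("^/+", "");
        try {
            Path p = DOC_ROOT.resolve(rel).normalize();
            // Path.startsWith compares whole components, so /srv/www-old does not match.
            // normalize() is lexical only; use toRealPath() on existing files if symlinks matter.
            return p.startsWith(DOC_ROOT) ? p : null;
        } catch (InvalidPathException e) {
            return null; // e.g. an embedded NUL character
        }
    }

    // Per-request handler: a failure in one request must not end the accept loop.
    static String handle(byte[] raw) {
        try {
            Path p = resolve(readPath(raw));
            return p == null ? "403 Forbidden" : "200 " + p;
        } catch (RuntimeException e) {
            return "400 Bad Request (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        String[] requests = { // constructed sample request paths
            "/index.html", "/docs/../index.html", "/../../etc/passwd", "/" + "A".repeat(200)
        };
        for (String r : requests)
            System.out.println(handle(r.getBytes(StandardCharsets.UTF_8)));
    }
}
```

Without the catch in handle(), the exception from the oversized request would propagate out of whatever thread called it, which is the denial-of-service outcome the message describes.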
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:03:02 PDT