Re: Java and buffer overflows

From: Dave Aitel (daveat_private)
Date: Wed Jun 26 2002 - 10:08:18 PDT


    Although, as another poster said, native code invocation is going to
    continue to be a problem for managed languages such as Java and C# in
    the years to come. 
    
    I've found a buffer overflow in native code invoked by a major
    application server that happened to be written in Java. It's fixed now,
    btw. :>
    
    -dave
    
    
    
    On Tue, 2002-06-25 at 20:40, Nelson Sampaio Araujo Junior wrote:
    > Hi,
    > 
    > > I heard that java is invulnerable to bofs
    > > Has anyone successfully exploited a bof in java ?
    > 
    > Please notice that buffer overflow is only one way of software exploitation.
    > Generalizing the concept, any procedure that makes a software work badly,
    > and if possible be directed to do something you want (and obviously not
    > authorized), can be considered exploitation.
    > 
    > Please do not sit down and relax just because Java should not have buffer
    > overflows. There are infinite ways of directing a software to do something
    > bad or not expected, and once more, buffer overflows (or overruns if you
    > prefer) are *just* one option.
    > 
    > Regards,
    > 
    > Nelson Junior
    > nelsonat_private
    > 
    > 
    
    
    
    



    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:56:42 PDT