Although, as another poster said, native code invocation is going to continue to be a problem for managed languages such as Java and C# in the years to come. I've found a buffer overflow in native code invoked by a major application server that happened to be written in Java. It's fixed now, btw. :> -dave On Tue, 2002-06-25 at 20:40, Nelson Sampaio Araujo Junior wrote: > Hi, > > > I heard thatt java is invulnerable to bofs > > Has anyone succefully exploited a bof in java ? > > Please notice that buffer overflow is only one way of software exploitation. > Generalizing the concept, any procedure that makes a software work badly, > and if possible be directed to do something you want (and obviously not > authorized), can be considered exploitation. > > Please does not sit down and relax just because Java should not have buffer > overflows. There are inifinite ways of directing a software to do something > bad or not expected, and once more, buffer overflows (or overruns if you > prefer) is *just* one option. > > Regards, > > Nelson Junior > nelsonat_private > nelsonat_private > >
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 20:56:42 PDT