Vulnerability Development mailing list archives

Re: Java and buffer overflows


From: Dave Aitel <dave () immunitysec com>
Date: 26 Jun 2002 13:08:18 -0400

Although, as another poster said, native code invocation is going to
continue to be a problem for managed languages such as Java and C# in
the years to come. 

I've found a buffer overflow in native code invoked by a major
application server that happened to be written in Java. It's fixed now,
btw. :>

-dave



On Tue, 2002-06-25 at 20:40, Nelson Sampaio Araujo Junior wrote:
Hi,

I heard that java is invulnerable to bofs
Has anyone successfully exploited a bof in java?

Please notice that buffer overflow is only one way of software exploitation.
Generalizing the concept, any procedure that makes a software work badly,
and if possible be directed to do something you want (and obviously not
authorized), can be considered exploitation.

Please do not sit down and relax just because Java should not have buffer
overflows. There are infinite ways of directing a software to do something
bad or not expected, and once more, buffer overflows (or overruns if you
prefer) are *just* one option.

Regards,

Nelson Junior
nelson () lunenetworks com br
nelson () LUNE com br


