Vulnerability Development mailing list archives
Re: Java and buffer overflows
From: Dave Aitel <dave () immunitysec com>
Date: 26 Jun 2002 13:08:18 -0400
Although, as another poster said, native code invocation is going to continue to be a problem for managed languages such as Java and C# in the years to come. I've found a buffer overflow in native code invoked by a major application server that happened to be written in Java. It's fixed now, btw. :> -dave On Tue, 2002-06-25 at 20:40, Nelson Sampaio Araujo Junior wrote:
Hi,I heard thatt java is invulnerable to bofs Has anyone succefully exploited a bof in java ?Please notice that buffer overflow is only one way of software exploitation. Generalizing the concept, any procedure that makes a software work badly, and if possible be directed to do something you want (and obviously not authorized), can be considered exploitation. Please does not sit down and relax just because Java should not have buffer overflows. There are inifinite ways of directing a software to do something bad or not expected, and once more, buffer overflows (or overruns if you prefer) is *just* one option. Regards, Nelson Junior nelson () lunenetworks com br nelson () LUNE com br
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Java and buffer overflows cyber_rider (Jun 23)
- Re: Java and buffer overflows Felix Harris (Jun 25)
- Re: Java and buffer overflows KF (Jun 26)
- Re: Java and buffer overflows Javier Blanque (Jun 26)
- Re: Java and buffer overflows ash (Jun 26)
- Re: Java and buffer overflows Anibal Ambertin (Jun 27)
- Re: Java and buffer overflows KF (Jun 26)
- Re: Java and buffer overflows Rafael Anschau (Jun 25)
- Re: Java and buffer overflows Branko Ivanovic (Jun 26)
- Re: Java and buffer overflows Nelson Sampaio Araujo Junior (Jun 26)
- Re: Java and buffer overflows Rafael Anschau (Jun 26)
- Re: Java and buffer overflows Dave Aitel (Jun 26)
- Re: Java and buffer overflows KF (Jun 27)
- Re: Java and buffer overflows Dave Aitel (Jun 27)
- RE: Java and buffer overflows Zacharias Pigadas (Jun 28)
- JNI and buffer overflows (was java and buffer overflows) KF (Jun 28)
- Re: JNI and buffer overflows (was java and buffer overflows) KF (Jun 28)
- Re: JNI and buffer overflows (was java and buffer overflows) KF (Jun 28)
- Re: Java and buffer overflows Felix Harris (Jun 25)
- Re: Java and buffer overflows Loki (Jun 26)