Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: Michael.Wojcik () MERANT COM (Michael Wojcik)
Date: Mon, 22 May 2000 10:24:18 -0700
-----Original Message-----
From: Crispin Cowan [mailto:crispin () WIREX COM]

Agreed. The buffer overrun issue for Java is that the JVM is often a C program, and *it* may contain buffer overrun vulnerabilities that enable the attacker to write bytecode that exploits a buffer overrun in the JVM to obtain privilege.
And, of course, that even a (hypothetical) JVM free of implementation errors like buffer overflows may contain design flaws that either do not implement Java security rules correctly or fail in boundary conditions (like illegal opcode combinations). We've seen more than one exploit of that sort. Java's a smaller target than the huge number of unsafe C servers out there, but it would be a mistake to assume it's safe.

Michael Wojcik michael.wojcik () merant com
MERANT
Department of English, Miami University