Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: reverse engineer c or java

From: edebill () MAIL PCORDER COM (Erik Debill)
Date: Mon, 22 May 2000 15:19:06 -0500

On Mon, May 22, 2000 at 04:30:39AM +0000, Crispin Cowan wrote:


Agreed.  The buffer overrun issue for Java is that the JVM is often a C
program, and *it* may contain buffer overrun vulnerabilities that enable the
attacker to write bytecode that exploits a buffer overrun in the JVM to
obtain privilege.


They certainly contain bugs which will cause them to Dr Watson on an
NT box.  We use the MS "Java" VM and it does this with fair
regularity.  And yes, java code can induce this behavior.  They've got
memory leaks, too (not only do you have to worry about memory leaks in
your java code - quite easy to do, actually, - but you have to worry
about sloppy programmers at MS or Sun or wherever).

No, I can't give you the (rather large hairy) java source that does
this (closed source software dev.... grrr....)

ED
Previous By Date Next
Previous By Thread Next

Current thread: