Vulnerability Development mailing list archives
Re: reverse engineer c or java
From: edebill () MAIL PCORDER COM (Erik Debill)
Date: Mon, 22 May 2000 15:19:06 -0500
On Mon, May 22, 2000 at 04:30:39AM +0000, Crispin Cowan wrote:
Agreed. The buffer overrun issue for Java is that the JVM is often a C program, and *it* may contain buffer overrun vulnerabilities that enable the attacker to write bytecode that exploits a buffer overrun in the JVM to obtain privilege.
They certainly contain bugs which will cause them to Dr Watson on an NT box. We use the MS "Java" VM and it does this with fair regularity. And yes, java code can induce this behavior. They've got memory leaks, too (not only do you have to worry about memory leaks in your java code - quite easy to do, actually, - but you have to worry about sloppy programmers at MS or Sun or wherever). No, I can't give you the (rather large hairy) java source that does this (closed source software dev.... grrr....) ED
Current thread:
- Re: reverse engineer c or java, (continued)
- Re: reverse engineer c or java John Swensson (May 20)
- Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER SMILER (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Blue Boar (May 20)
- Re: Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER Stuart Henderson (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 20)
- Outlook, HTML & VBS Joerg Weber (May 21)
- Re: reverse engineer c or java Bluefish (May 21)
- Re: reverse engineer c or java Gordon Messmer (May 21)
- Re: reverse engineer c or java pantera () BALANCEPOINTGOLF COM (May 21)
- Re: reverse engineer c or java Crispin Cowan (May 21)
- Re: reverse engineer c or java Erik Debill (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 21)
- Re: reverse engineer c or java Bluefish (May 22)
- Re: reverse engineer c or java za () boo ma fu (May 22)
- Re: reverse engineer c or java Bluefish (May 23)
- Re: reverse engineer c or java Mark Rafn (May 20)
- Re: reverse engineer c or java Pedro Hugo (May 20)
- Re: reverse engineer c or java phazer (May 20)
- Re: reverse engineer c or java Warner Losh (May 21)
- Re: reverse engineer c or java Liviu Daia (May 22)
- String checking with PHP Arturo Busleiman (May 24)