Vulnerability Development mailing list archives

Re: Java and buffer overflows


From: Rafael Anschau <rhanscha () terra com br>
Date: Tue, 25 Jun 2002 22:27:31 -0300

The topic of this thread is "Java bofs". 
Java is presumably immune to bofs, due to the VM's bounds-checking mechanisms.
The question still remains whether the VM has security bugs.

And yes, there are many other bugs which could
leave security breaches.  And yes, Java is vulnerable
to poor coding as any other language around.

[]'s

Woody


Hi,

I heard that Java is invulnerable to bofs.
Has anyone successfully exploited a bof in Java?

Please notice that buffer overflow is only one way of software exploitation.
Generalizing the concept, any procedure that makes a software work badly,
and if possible be directed to do something you want (and obviously not
authorized), can be considered exploitation.

Please do not sit down and relax just because Java should not have buffer
overflows. There are infinite ways of directing a software to do something
bad or not expected, and once more, buffer overflows (or overruns if you
prefer) are *just* one option.

Regards,

Nelson Junior
nelson () lunenetworks com br
nelson () LUNE com br


-- 
Rafael Anschau - Terra Networks Brasil
Operacao Nacional  -  (51) 3284 4246



