Vulnerability Development mailing list archives
Re: Java and buffer overflows
From: Joe Testa <jtesta () rapid7 com>
Date: Wed, 26 Jun 2002 12:34:09 -0400
By Java's design, code execution is not possible by overflowing a buffer. However, the program probably doesn't catch IndexOutOfBoundsExceptions, so it will most likely result in a denial of service.

I audited many Java HTTP and FTP servers in the past (in the span of two weeks' time--hey, I was on a roll...), and a lot of them were affected by directory traversal vulnerabilities, which have nothing to do with buffer overflows.

Hope this helps.

- Joe Testa

GPG key: http://www.cs.rit.edu/~jst3290/joetesta_r7.pub
A22B 2683 C40E 5443 AE52 AD6D 65B2 F5DF 4B11 06B4
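Added example, not part of the original post: a Java sketch of the two points in the message above. It shows an out-of-bounds write that raises an exception instead of corrupting memory, with a per-request catch that keeps it from becoming a denial of service, and a document-root check against directory traversal. The class name, the `/srv/www` root and the request strings are assumptions constructed for illustration; `String.repeat` needs Java 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class BoundsAndTraversalDemo {
    // Hypothetical document root, chosen for this example only.
    static final Path DOC_ROOT = Paths.get("/srv/www").toAbsolutePath().normalize();

    // Copies a request line into a fixed-size buffer with no length check.
    // The JVM bounds-checks every array store, so an overlong line throws
    // instead of overwriting adjacent memory.
    static byte[] copyRequestLine(String line) {
        byte[] buf = new byte[16];
        byte[] src = line.getBytes(StandardCharsets.US_ASCII);
        for (int i = 0; i < src.length; i++) {
            buf[i] = src[i]; // throws ArrayIndexOutOfBoundsException once i reaches 16
        }
        return buf;
    }

    // Per-request handler. Left uncaught, the exception would end the thread
    // serving the request; catching it turns it into an error response.
    static String handle(String line) {
        try {
            copyRequestLine(line);
            return "200 OK";
        } catch (IndexOutOfBoundsException e) {
            return "400 Bad Request";
        }
    }

    // Resolves a requested path under DOC_ROOT and rejects anything that
    // normalizes to a location outside it.
    static Path resolve(String requested) {
        Path p = DOC_ROOT.resolve(requested.replaceFirst("^/+", "")).normalize();
        if (!p.startsWith(DOC_ROOT)) {
            throw new SecurityException("path escapes document root: " + requested);
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        System.out.println(handle("GET /"));
        System.out.println(handle("GET /" + "A".repeat(64)));
        System.out.println(resolve("/index.html"));
        try { resolve("/../../etc/passwd"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

`Path.normalize()` is purely lexical; where the document root may contain symbolic links, compare against `toRealPath()` instead.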