RE: Stack Overflow

From: lists (lists_at_innocence-lost.net)
Date: 01/10/05

    Date: Mon, 10 Jan 2005 14:50:18 -0700 (MST)
    To: Beilin Zhang <bzhang@sangamo.com>
    
    

    I am hardly a Java expert myself, however in _theory_ a buffer overflow is
    possible in any language (assuming the underlying chip's instruction set
    doesn't do bounds checking), however AFAIK it would require a bug of sorts
    in the JVM to bypass its checks so that you could write more data than
    was allocated.

    So in short, possible yes, probable no.

    --
    There are only two choices in life. You either conform the truth to your desire,
    or you conform your desire to the truth. Which choice are you making?

    On Mon, 10 Jan 2005, Beilin Zhang wrote:
    > Date: Mon, 10 Jan 2005 13:23:54 -0800
    > From: Beilin Zhang <bzhang@sangamo.com>
    > To: security-basics@securityfocus.com
    > Subject: RE: Stack Overflow
    >
    > Hi,
    >
    > I have done some Java programming but am not an expert.  I'd be interested in
    > knowing how this can be accomplished, since you cannot manipulate pointers
    > in Java and arrays are bound-checked.  Do you have any examples?
    >
    > Best Regards
    >
    > Beilin Zhang
    >
    > -----Original Message-----
    > From: P. Schmiel [mailto:secfoc@cybernox.net]
    > Sent: Monday, January 10, 2005 12:29 PM
    > To: security-basics@securityfocus.com
    > Subject: Re: Stack Overflow
    >
    >
    > Hello list,
    >
    > Well, sure they can. It's the coder's job to make good code, and the
    > OS's job to manage the memory correctly.
    >
    > Original message Monday, January 10, 2005, 2:11:03 PM:
    >
    > NS> Hi list,
    >
    > NS>   My question is: can programs made with newer languages (Java and
    > NS> .NET) have buffer overflow exploits?
    >
    > NS> Tnx,
    > NS> Nelson Santos
    >
    >
    > ---
    > Best regards,
    > Pascal Schmiel
    > schmiel@cybernox.net
    >
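
The bounds checks discussed in this thread, as an added example that is not code from any of the posters: three common ways a Java program might copy 16 bytes into an 8-byte buffer, each stopped by the runtime with an exception instead of a write past the allocation. The class name, method names and sample input are constructed for illustration.

```java
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BoundsCheckDemo {
    // Constructed sample: 16 bytes of input aimed at an 8-byte buffer.
    static final byte[] INPUT = "AAAAAAAAAAAAAAAA".getBytes(StandardCharsets.US_ASCII);

    // Element-by-element copy, the shape of a strcpy-style overflow in C.
    // Every store is index-checked, so the copy stops at dst.length.
    static String loopCopy(byte[] dst, byte[] src) {
        try {
            for (int i = 0; i < src.length; i++) dst[i] = src[i];
            return "no exception";
        } catch (ArrayIndexOutOfBoundsException e) {
            return "ArrayIndexOutOfBoundsException";
        }
    }

    // Bulk copy: System.arraycopy validates the whole range first and
    // leaves the destination unmodified when the range does not fit.
    static String bulkCopy(byte[] dst, byte[] src) {
        try {
            System.arraycopy(src, 0, dst, 0, src.length);
            return "no exception";
        } catch (IndexOutOfBoundsException e) {
            return "IndexOutOfBoundsException";
        }
    }

    // NIO buffer: put(byte[]) checks the remaining capacity before transferring.
    static String nioCopy(ByteBuffer dst, byte[] src) {
        try {
            dst.put(src);
            return "no exception";
        } catch (BufferOverflowException e) {
            return "BufferOverflowException";
        }
    }

    public static void main(String[] args) {
        byte[] a = new byte[8];
        byte[] b = new byte[8];
        ByteBuffer c = ByteBuffer.allocate(8);
        System.out.println("loop: " + loopCopy(a, INPUT) + ", dst=" + Arrays.toString(a));
        System.out.println("bulk: " + bulkCopy(b, INPUT) + ", dst=" + Arrays.toString(b));
        System.out.println("nio:  " + nioCopy(c, INPUT) + ", position=" + c.position());
    }
}
```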
    
