Re: Java and buffer overflows

From: Edsel Adap (edsel@adap.org)
Date: 06/26/02 

Date: Wed, 26 Jun 2002 11:15:51 -0400
From: Edsel Adap <edsel@adap.org>
To: Rafael Anschau <rhanscha@terra.com.br>

On Mon, Jun 24, 2002 at 08:26:35PM -0300, Rafael Anschau wrote:
> I heard thatt java is invulnerable to bofs
> Has anyone succefully exploited a bof in java ?

While a java program itself may not be vulnerable to buffer
overflows, the jvm itself may be.

> Woody 

-- 
Edsel Adap
edsel@adap.org
http://www.adap.org/~edsel/          LINUX - the choice of the GNU generation

"Netscape is an application which grows to fill all available memory."  - me

Relevant Pages

  • Re: Java and buffer overflows
    ... Java is presumably immune to bofs, due to the VM's boundchecking mechanisms. ... > Please notice that buffer overflow is only one way of software exploitation. ...
    (Vuln-Dev)
  • Re: Java and buffer overflows
    ... Java performs boundary checking, which C doesn`t. ... it doesn`t mean that Java is much safer. ... Popeye ... > I heard thatt java is invulnerable to bofs ...
    (Vuln-Dev)
  • Re: Problem With Crypt::CBC
    ... is later read in by a Java program. ... continue using the passwords and vectors I'm using (both 8 bytes, ... use the hash, then the Java program on the other end will not be able to ...
    (comp.lang.perl.misc)
  • Re: deadlock and thread
    ... i have "main" java program usually called as midlet, ... other java programs which is called by the main program to perform ... several task such as sending and receiving sms etc. ... As near as I can tell, in a MIDlet you have access to the same Thread class available in regular Java apps. ...
    (comp.lang.java.programmer)
  • Re: How to interact with a Live java process from php?
    ... This service can only be accessed from a java program on the backend, and this program, unfortunately, is a 24/7 live process. ... My teammate is going to write a php program to handle the front end request, so my question is that, is it possible for such a design to work? ... I'll guess the "live 24/7" backend java process is a "java servlet" ...
    (comp.lang.php)