Re: Java and buffer overflows

From: Dave Aitel <dave@immunitysec.com>
To: KF <dotslash@snosoft.com>
Date: 27 Jun 2002 11:34:21 -0400


Well, here's what I'm saying: The server was written in Java. You send a
long string in the right place, it crashes. The stack is like a billion
calls long, but at the end of it, you get to see 0x4141414141. :>

My assumption was a native code interface, but I could have been wrong.
:>

I didn't bother to write it up because it got taken to the vendor
immediately and fixed. Course, if I'd gone public everyone would have
whined at me for not knowing every single little thing about the bug,
which they were getting owned by already.

Frankly, half the time going to the vendor isn't worth the effort.
Sometimes, like Mandrake, they just ignore you anyways.

-dave

On Wed, 2002-06-26 at 23:17, KF wrote:
> So what you are saying is that you found a buffer overflow in some code
> that uses JNI? As in there was some c based code that the java invoked?
> I am curious to see how this works.
> -KF
>
>
> Dave Aitel wrote:
>
> >Although, as another poster said, native code invocation is going to
> >continue to be a problem for managed languages such as Java and C# in
> >the years to come.
> >
> >I've found a buffer overflow in native code invoked by a major
> >application server that happened to be written in Java. It's fixed now,
> >btw. :>
> >
> >-dave
> >
> >
> >
>
>
>
>
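An added illustration of the pattern Dave and KF are discussing (example code written for this page; it is not the server from the thread and not Immunity's code, and `lookup_user`, `NAME_MAX` and the `Java_Server_lookupUser` entry point are hypothetical names). The JVM bounds-checks every array and String access on the Java side, but once a native method has called GetStringUTFChars() the bytes are an ordinary C pointer, and a fixed-size stack buffer on the C side is where an overflow lives: a string longer than the buffer runs over the saved frame and return address, which is how a long run of 'A's ends up as 0x41 bytes in the instruction pointer. The checked version takes the byte length explicitly, refuses anything that does not fit, and returns an error the JNI wrapper can turn into a Java exception.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 64   /* hypothetical size of the native-side buffer */

/* Vulnerable pattern: the C side trusts the NUL-terminated bytes it was
 * handed. strcpy() writes strlen(utf)+1 bytes into a 64-byte stack buffer,
 * so a request carrying a few hundred 'A's walks over the saved frame
 * pointer and return address. Kept here only for comparison; never feed it
 * untrusted input. */
int lookup_user_unsafe(const char *utf)
{
    char name[NAME_MAX];
    strcpy(name, utf);                 /* no length check: stack overflow */
    return (int)strlen(name);          /* stands in for the real lookup */
}

/* Hardened form: take the byte length explicitly, refuse anything that
 * does not fit together with its terminator, and report failure instead
 * of truncating silently (silent truncation can turn into a different bug,
 * such as looking up the wrong user). */
int lookup_user_checked(const char *utf, size_t utf_len)
{
    char name[NAME_MAX];
    if (utf == NULL || utf_len >= sizeof name)
        return -1;                     /* caller turns this into an exception */
    memcpy(name, utf, utf_len);
    name[utf_len] = '\0';
    return (int)utf_len;
}

/* Builds the "long string in the right place" (n bytes of 'A', constructed
 * here for the demo) and feeds it to the checked routine. Returns what the
 * routine returned, or -2 if allocation failed. */
int probe_checked(size_t n)
{
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return -2;
    memset(buf, 'A', n);
    buf[n] = '\0';
    int r = lookup_user_checked(buf, n);
    free(buf);
    return r;
}

#ifdef JNI_BUILD
/* The JNI entry point that would sit in front of lookup_user_checked().
 * Compiled only with -DJNI_BUILD and the JDK include paths.
 * GetStringUTFLength() returns the byte length of the modified-UTF-8 form,
 * which is the number that matters for the C buffer; String.length() on
 * the Java side counts UTF-16 code units and can be smaller. */
#include <jni.h>
JNIEXPORT jint JNICALL
Java_Server_lookupUser(JNIEnv *env, jobject self, jstring js)
{
    (void)self;
    const char *utf = (*env)->GetStringUTFChars(env, js, NULL);
    if (utf == NULL)
        return -1;                     /* OutOfMemoryError already pending */
    jsize len = (*env)->GetStringUTFLength(env, js);
    jint r = lookup_user_checked(utf, (size_t)len);
    (*env)->ReleaseStringUTFChars(env, js, utf);
    return r;
}
#endif

int main(void)
{
    printf("short name, unsafe path: %d\n", lookup_user_unsafe("kf"));
    printf("short name, checked path: %d\n", probe_checked(10));
    printf("4096 bytes, checked path: %d (rejected)\n", probe_checked(4096));
    return 0;
}
```

Build the stand-alone demo with `cc -o demo demo.c`; the JNI wrapper needs `-DJNI_BUILD -I$JAVA_HOME/include -I$JAVA_HOME/include/<platform>` and a Java class named `Server` declaring `native int lookupUser(String s)`. The point of the length check living in C rather than in Java is that it is the native frame that gets smashed, so it is the native code that has to know its own buffer size.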