[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject




Well, folks, I told you so. Sorry to be nasty about it.

> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean <[email protected]>
> Subject: Java security problems
> 
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation.  (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.)  An applet is normally allowed to connect
> only to the host from which it was loaded.  However, this restriction is not
> properly enforced.  A malicious applet can open a connection to an arbitrary
> host on the Internet.  At this point, bugs in any TCP/IP-based network
> service can be exploited.  We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler.  An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed.  The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]