BIG JAVA SECURITY HOLE
Perry E. Metzger
perry at piermont.com
Wed Feb 21 19:39:07 PST 1996
Well, folks, I told you so. Sorry to be nasty about it.
> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean <ddean at CS.Princeton.EDU>
> Subject: Java security problems
>
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation. (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.) An applet is normally allowed to connect
> only to the host from which it was loaded. However, this restriction is not
> properly enforced. A malicious applet can open a connection to an arbitrary
> host on the Internet. At this point, bugs in any TCP/IP-based network
> service can be exploited. We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler. An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed. The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]
More information about the Testlist
mailing list