
Well, folks, I told you so. Sorry to be nasty about it.
Date: Sun, 18 Feb 1996 23:57:02 -0500
From: Drew Dean <ddean@CS.Princeton.EDU>
Subject: Java security problems

We have discovered a serious security problem with Netscape Navigator's 2.0 Java implementation. (The problem is also present in the 1.0 release of the Java Development Kit from Sun.) An applet is normally allowed to connect only to the host from which it was loaded. However, this restriction is not properly enforced. A malicious applet can open a connection to an arbitrary host on the Internet. At this point, bugs in any TCP/IP-based network service can be exploited. We have implemented (as a proof of concept) an exploitation of an old sendmail bug. [...]

A second, also serious, bug exists in javap, the bytecode disassembler. An overly long method name can overflow a stack allocated buffer, potentially causing arbitrary native code to be executed. The problem is an unchecked sprintf() call, just like the syslog(3) problem last year. [...]
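
The unchecked sprintf() pattern named in the forwarded message, next to a bounded replacement. This is an added example, not part of the original message and not javap's code; the buffer size `LABEL_MAX`, the format string and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size: the message does not give javap's real buffer size. */
#define LABEL_MAX 64

/* Unchecked pattern of the kind the message describes (comment only):
 *     char label[LABEL_MAX];
 *     sprintf(label, "Method %s.%s", cls, method);
 * Nothing limits how many bytes of `method` are copied into `label`.
 */

/* Bounded replacement. Returns 0 on success and -1 if the formatted text
 * does not fit; on failure dst is emptied so a truncated name is never used. */
int format_method_label(char *dst, size_t dstsz, const char *cls, const char *method)
{
    if (dst == NULL || dstsz == 0 || cls == NULL || method == NULL)
        return -1;
    int n = snprintf(dst, dstsz, "Method %s.%s", cls, method);
    if (n < 0 || (size_t)n >= dstsz) {   /* n is the length that was needed */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed check: a guard word sits next to the buffer. Returns 1 when an
 * over-long method name is rejected and the guard word is unchanged. */
int overlong_name_is_rejected(void)
{
    struct { char label[LABEL_MAX]; unsigned guard; } frame;
    char name[4096];                      /* constructed over-long name */
    memset(name, 'A', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    frame.guard = 0xC0FFEEu;
    int rc = format_method_label(frame.label, sizeof frame.label, "Demo", name);
    return rc == -1 && frame.label[0] == '\0' && frame.guard == 0xC0FFEEu;
}

int main(void)
{
    char label[LABEL_MAX];
    if (format_method_label(label, sizeof label, "Demo", "run") == 0)
        puts(label);
    printf("over-long name rejected: %d\n", overlong_name_is_rejected());
    return 0;
}
```
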