Date:      Mon, 6 Dec 2004 08:45:20 -0700
From:      Greg Lewis <glewis@eyesbeyond.com>
To:        Panagiotis Astithas <past@ebs.gr>
Cc:        freebsd-java@freebsd.org
Subject:   Re: [glewis@freebsd.org: cvs commit: ports/java/jdk14 Makefile]
Message-ID:  <20041206154520.GA18843@misty.eyesbeyond.com>
In-Reply-To: <41B4181E.10704@ebs.gr>
References:  <20041124161926.GB10910@misty.eyesbeyond.com> <41B4181E.10704@ebs.gr>

On Mon, Dec 06, 2004 at 10:28:14AM +0200, Panagiotis Astithas wrote:
> There seems to be another vulnerability:
> 
> Java 1.4.2_05 also has a vulnerability in the serialization APIs (used 
> by RMI) that allows to overload a remote JVM [and drive uptime loads
> to the 100s].
> 
> http://www.securityfocus.com/archive/1/382309
> 
> I suppose we are vulnerable to that, too.

Yes, but I'm not as concerned about a DOS attack as I am about a
vulnerability which allows writing to your hard drive.

-- 
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org
