neuneudr
Hi,

there's something I don't get about a recent Java GIF decoder exploit.

I was under the impression that since Java existed there had never been any buffer overrun/overflow in Java programs. That the JVM explicitly made that impossible and that, should a buffer overflow happen, it would be an error in the implementation of the particular JVM it'd affect, not a flaw in the JVM sandbox model.

Now I know we've already seen some issues (I remember, for example, some zlib decompression exploit, but it was a third-party, native C lib that the JVM depended on).

Here's the issue (it clearly says that it's a "buffer overrun"):
"Security Vulnerability in Processing GIF Images in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Privileges"
http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

Does it mean that the GIF decoder is not written in Java?
If the GIF decoder is written in Java, how can a buffer overrun happen?
(Does it mean the sandbox model, which has been free of buffer overruns for 10 years, is broken?)

Thanks in advance to anyone shedding light on this,
Driss