[firstname.lastname@example.org: cvs commit: ports/java/jdk14 Makefile]
glewis at eyesbeyond.com
Mon Dec 6 07:45:34 PST 2004
On Mon, Dec 06, 2004 at 10:28:14AM +0200, Panagiotis Astithas wrote:
> There seems to be another vulnerability:
> Java 1.4.2_05 also has a vulnerability in the serialization APIs (used
> by RMI) that allows overloading a remote JVM [and driving uptime loads
> to the 100s].
> I suppose we are vulnerable to that, too.
Yes, but I'm not as concerned about a DOS attack as I am about a
vulnerability which allows writing to your hard drive.

Greg Lewis                          Email   : glewis at eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis at FreeBSD.org