[glewis@freebsd.org: cvs commit: ports/java/jdk14 Makefile]
Greg Lewis
glewis at eyesbeyond.com
Mon Dec 6 07:45:34 PST 2004
On Mon, Dec 06, 2004 at 10:28:14AM +0200, Panagiotis Astithas wrote:
> There seems to be another vulnerability:
>
> Java 1.4.2_05 also has a vulnerability in the serialization APIs (used
> by RMI) that allows to overload a remote JVM [and drive uptime loads
> to the 100s].
>
> http://www.securityfocus.com/archive/1/382309
>
> I suppose we are vulnerable to that, too.
Yes, but I'm not as concerned about a DOS attack as I am about a
vulnerability which allows writing to your hard drive.
--
Greg Lewis Email : glewis at eyesbeyond.com
Eyes Beyond Web : http://www.eyesbeyond.com
Information Technology FreeBSD : glewis at FreeBSD.org